From 0baad9e02267a51379fcb6fd83255e6a9546cf28 Mon Sep 17 00:00:00 2001
From: kdletters <kdletters@qq.com>
Date: Wed, 10 Jun 2026 10:42:33 +0800
Subject: [PATCH 1/9] =?UTF-8?q?=E8=AE=B0=E5=BD=95=20dev=20Gitea=20?=
 =?UTF-8?q?=E5=86=85=E7=BD=91=E8=AE=BF=E9=97=AE=E5=85=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在运维文档补充 dev Gitea 内网 Git 地址和验证命令
在 Hermes 决策记录同步内网入口与访问限制
---
 .hermes/shared-memory/decision-log.md                 | 8 ++++++++
 docs/【开发运维】本地开发验证与生产运维-2026-05-15.md | 2 ++
 2 files changed, 10 insertions(+)

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index f8799da4..1f77557c 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -16,6 +16,14 @@
 
 ---
 
+## 2026-06-10 dev Gitea 提供内网 HTTP 入口
+
+- 背景：release / dev 目标 agent 需要从 dev 自托管 Gitea 拉取仓库；继续走 `https://git.genarrative.world/...` 会绕公网链路，`10.2.0.10:3000` 又受云侧端口策略影响不能作为稳定入口。
+- 决策：dev 上 Gitea 进程保持 `HTTP_ADDR = 127.0.0.1`、`HTTP_PORT = 3000`，公网 `ROOT_URL = https://git.genarrative.world/` 不变；新增 Nginx 内网 vhost `/etc/nginx/conf.d/gitea-internal.conf`，只允许 `10.2.0.0/16` 与本机访问，并把 `http://10.2.0.10/` 反代到本机 Gitea。内网 agent 统一使用 `http://10.2.0.10/GenarrativeAI/Genarrative.git` 作为可直连 Git 源。
+- 影响范围：dev Gitea / Nginx 运维配置、Jenkins `SOURCE_GIT_REMOTE_URL`、release / dev 目标 agent checkout 口径。
+- 验证方式：从 release 执行 `git ls-remote http://10.2.0.10/GenarrativeAI/Genarrative.git HEAD` 应返回 HEAD；公网来源伪造 `Host: 10.2.0.10` 访问 dev 公网 80 应返回 `403`；`https://git.genarrative.world/` 原入口应保持 `200`。
+- 关联文档：`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
+
 ## 2026-06-08 微信能力按领域收口
 
 - 背景：微信登录、订阅消息、普通微信支付和小程序虚拟支付能力曾分散在 `api-server` 根模块、`platform-auth` 与 `platform-wechat`，支付协议细节和业务 handler 边界不够清晰。
diff --git a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
index c45c23ec..400ae33a 100644
--- a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
+++ b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
@@ -256,6 +256,8 @@ Jenkins 按 web / api / Spacetime module / build / deploy / publish 拆分
 
 生产 Jenkins 的 `Pipeline script from SCM` 由 Jenkins controller 读取 Jenkinsfile。`Genarrative-Server-Provision` 是服务器初始化流水线，Job 配置里的 SCM URL 必须使用 controller 本机可访问的仓库路径或内网 Gitea 地址，不能使用 `https://git.genarrative.world/...`；否则日志一开始的 `Checking out git ... to read jenkins/Jenkinsfile.production-server-provision` 就会先从公网拉 Jenkinsfile。构建类流水线仍按各自 Jenkinsfile 的 checkout 口径执行；所有 `GitSCM checkout` 都必须保留单分支 refspec、`shallow=true`、`depth=1`、`noTags=true` 与 `honorRefspec=true`。API / Web / Stdb 发布类流水线不在目标机器 checkout Git，统一执行上游构建归档里的部署脚本，避免产物 commit 与部署脚本 commit 漂移。
 
+dev 服务器上的 Gitea 内网入口固定为 `http://10.2.0.10/GenarrativeAI/Genarrative.git`，用于 release / dev 等内网 agent 直接拉取仓库，避免绕公网 `git.genarrative.world`。该入口由 dev Nginx `/etc/nginx/conf.d/gitea-internal.conf` 暴露，只允许 `10.2.0.0/16` 和本机访问；Gitea 进程自身仍只监听 `127.0.0.1:3000`，公网域名 `https://git.genarrative.world/` 继续走原有 TLS 反代。验证时从 release 执行 `git ls-remote http://10.2.0.10/GenarrativeAI/Genarrative.git HEAD`，应能直接返回 HEAD。
+
 `scripts/jenkins-checkout-source.sh` 是生产 Jenkinsfile 内部二次确认源码的统一入口。构建流水线和服务器初始化流水线传入 `COMMIT_HASH` 时，脚本必须先保持 `depth=1` 浅拉，若上游 commit 已在浅历史内则直接校验并 checkout；只有浅历史无法证明 commit 属于目标分支时，才按 `GENARRATIVE_JENKINS_CHECKOUT_DEEPEN_STEPS`（默认 `50 200 1000 5000`）逐步加深，最后才尝试展开完整历史。`Genarrative-Api-Deploy`、`Genarrative-Web-Deploy` 和 `Genarrative-Stdb-Module-Publish` 仍保留上游构建传入的 `COMMIT_HASH` 作为通知和追溯字段，但不再用它在目标机器重新 checkout 部署脚本。
 
 

From 7aafb37f040d53bb0b040145a8a4a21869088190 Mon Sep 17 00:00:00 2001
From: kdletters <61648117+kdletters@users.noreply.github.com>
Date: Wed, 10 Jun 2026 11:10:16 +0800
Subject: [PATCH 2/9] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20Server-Provision=20?=
 =?UTF-8?q?=E6=8C=89=E7=9B=AE=E6=A0=87=E7=8A=B6=E6=80=81=E5=87=86=E5=A4=87?=
 =?UTF-8?q?=E5=B7=A5=E5=85=B7=E5=8C=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

新增目标机已有 SpacetimeDB 与 otelcol-contrib 时复用本机安装的准备逻辑
补充 Prepare Provision Tools 传入 SPACETIME_ROOT，避免非默认路径检查错目录
新增 Server-Provision 工具准备回归检查脚本，防止已有工具时仍触发下载
更新开发运维文档与 Hermes 共享记忆，沉淀先检查目标机状态再准备文件的约定
---
 .hermes/shared-memory/decision-log.md         |  1 +
 .hermes/shared-memory/pitfalls.md             |  8 ++
 ...发运维】本地开发验证与生产运维-2026-05-15.md |  2 +-
 .../Jenkinsfile.production-server-provision   |  1 +
 scripts/check-server-provision-tools.sh       | 86 +++++++++++++++++++
 scripts/prepare-server-provision-tools.sh     | 82 +++++++++++++++++-
 6 files changed, 176 insertions(+), 4 deletions(-)
 create mode 100755 scripts/check-server-provision-tools.sh

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index 1f77557c..11bd0e53 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -109,6 +109,7 @@
 
 - 背景：`Genarrative-Server-Provision` 的 `DEPLOY_TARGET=development` 语义是部署到 dev 服务器，不是构建机 dry-run。旧流水线把 development 映射到 `linux && genarrative-build`，还先在 build 节点准备 `provision-tools/` 再 stash 给后续阶段，导致真实 dev 初始化可能跑到 Jenkins controller / build 节点；脚本还安装 clang / lld / pkg-config / OpenSSL headers / sccache 等构建链依赖，超出了服务器初始化职责。
 - 决策：Server-Provision 只做服务器初始化，全程运行在目标部署 agent：development 使用 `linux && genarrative-dev-deploy`，release 使用 `linux && genarrative-release-deploy`。`Prepare Provision Tools` 与 `Provision Server` 在同一个目标 agent workspace 顺序执行，不再切到 `linux && genarrative-build`，不再 `stash/unstash` 工具包。`scripts/jenkins-server-provision.sh` 不再安装 clang / lld / pkg-config / libssl-dev / sccache；非 dry-run 仍要求目标 dev / release agent 具备 root 权限，因为 provision 会写 systemd、Nginx、`/etc` 和系统用户。Job 的 `Pipeline script from SCM` 与 Jenkinsfile 参数 `SOURCE_GIT_REMOTE_URL` 都必须使用本机路径或目标 agent 可访问的内网 Git 源，不允许公网 Git fallback。
+- 追加决策（2026-06-10）：`Prepare Provision Tools` 必须先读取目标机现状，再准备需要的文件。目标机 `/usr/local/bin/otelcol-contrib` 版本匹配 `OTELCOL_VERSION` 时直接复用；`${SPACETIME_ROOT}/bin/current/spacetimedb-cli` 和 `spacetimedb-standalone` 存在且 CLI 版本匹配 `SPACETIME_EXPECTED_VERSION` 或 `SPACETIME_DOWNLOAD_ROOT` 中的版本时，直接复用当前安装生成 `provision-tools/`。只有目标机缺失、不可执行或版本不匹配时，才消费 `PROVISION_DOWNLOADS_DIR` 中的本地包或进入下载分支。
 - 影响范围：`jenkins/Jenkinsfile.production-server-provision`、`scripts/jenkins-server-provision.sh`、生产运维文档、Server-Provision 排障口径。
 - 验证方式：Jenkins 日志中 Server-Provision 的 `Prepare`、`Checkout Provision Files`、`Prepare Provision Tools` 和 `Provision Server` 都在目标 dev / release agent 上执行；日志不出现 `Running on Jenkins`、`linux && genarrative-build`、`stash 'server-provision-tools'`、`Git 主地址拉取失败...改用备用地址`、`https://git.genarrative.world/GenarrativeAI/Genarrative.git` 或构建依赖 / sccache 安装步骤；`bash -n scripts/jenkins-server-provision.sh` 和编码检查通过。
 - 关联文档：`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
diff --git a/.hermes/shared-memory/pitfalls.md b/.hermes/shared-memory/pitfalls.md
index 2972bbf6..1b904428 100644
--- a/.hermes/shared-memory/pitfalls.md
+++ b/.hermes/shared-memory/pitfalls.md
@@ -1314,6 +1314,14 @@
 - 验证：Jenkins 日志中 `Provision Target` 下的 `Prepare`、`Checkout Provision Files`、`Prepare Provision Tools` 和 `Provision Server` 都应运行在目标 dev / release agent；日志不应出现 `stash 'server-provision-tools'`、目标阶段 `unstash`、`Git 主地址拉取失败...改用备用地址` 或 `https://git.genarrative.world/GenarrativeAI/Genarrative.git`。
 - 关联：`jenkins/Jenkinsfile.production-server-provision`、`scripts/prepare-server-provision-tools.sh`、`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
 
+## Server-Provision 不要无条件下载工具包
+
+- 现象：目标 dev / release 机器已经安装正确版本的 SpacetimeDB 或 `otelcol-contrib`，但 `Prepare Provision Tools` 仍每次下载 release tarball，网络慢或 GitHub 不稳时会把服务器初始化卡在准备阶段。
+- 原因：工具准备阶段如果只按“生成交付包”理解，会忽略它已经运行在目标部署 agent 上这一事实；此时目标机本地的 `/usr/local/bin/otelcol-contrib` 与 `${SPACETIME_ROOT}/bin/current` 就是可信状态源。
+- 处理：`scripts/prepare-server-provision-tools.sh` 必须先检查目标机状态：`otelcol-contrib --version` 命中 `OTELCOL_VERSION` 时复制现有二进制；`spacetimedb-cli --version` 命中 `SPACETIME_EXPECTED_VERSION` 或 `SPACETIME_DOWNLOAD_ROOT` 推导出的版本且 standalone 同时存在时，复制 `${SPACETIME_ROOT}/bin` 并生成 wrapper。只有缺失、不可执行或版本不匹配时，才查 `PROVISION_DOWNLOADS_DIR` 或下载源。
+- 验证：运行 `bash scripts/check-server-provision-tools.sh`；Jenkins 日志应先出现“检查目标机 ...”，已有版本命中时出现“复用目标机已有 ...”，且不出现“下载 ...”。
+- 关联：`scripts/prepare-server-provision-tools.sh`、`jenkins/Jenkinsfile.production-server-provision`、`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
+
 ## 个人任务 scope 不得扩成 work/site/module
 
 - 现象：个人任务配置为 `work` / `site` / `module` 后进度串桶或静默按 0 处理。
diff --git a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
index 400ae33a..4797b4d4 100644
--- a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
+++ b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
@@ -277,7 +277,7 @@ dev 服务器上的 Gitea 内网入口固定为 `http://10.2.0.10/GenarrativeAI/
 - `GENARRATIVE_API_MAX_CONCURRENT_REQUESTS=512` 开启应用内 HTTP 并发背压；`GENARRATIVE_API_GALLERY_MAX_CONCURRENT_REQUESTS=320`、`GENARRATIVE_API_DETAIL_MAX_CONCURRENT_REQUESTS=64`、`GENARRATIVE_API_ADMIN_MAX_CONCURRENT_REQUESTS=16` 分别限制公开列表、公开详情和后台 API 热路径。超过许可时直接返回 `429 Too Many Requests` 和 `Retry-After: 1`，`/healthz` 与 `/readyz` 不受该限制。这些值不是 RPS 限速；如果压测中 429 上升但内存和 p95 收敛，说明背压正在保护进程。直连 `api-server` 的极高 RPS 压测若出现 `connection refused`，通常已经打到 TCP 监听 / accept 层，应同时检查 backlog、Nginx upstream keepalive 和前置限流。
 - `api-server` 正常运行时 `/healthz` 返回进程存活状态，`/readyz` 返回是否仍接收新流量；收到 `SIGINT` / `SIGTERM` 后会先把 readiness 标记为不可用，再让 Axum 停止接新连接并等待已有 HTTP 请求排空。systemd 仍以 `KillSignal=SIGINT` 停服务，`TimeoutStopSec=90` 作为长请求排空上限。
 - `genarrative-api.service` 设置 `LimitNOFILE=65535`、`TasksMax=2048`；上线后用 `systemctl show genarrative-api.service -p LimitNOFILE -p TasksMax -p TimeoutStopUSec` 和 `cat /proc/$(pidof api-server)/limits` 核对。
-- Server provision 不再通过 Windows helper 下载，也不再通过 Linux build 节点中转工具包。`Prepare Provision Tools` 在目标 dev / release agent 工作区内准备 SpacetimeDB `2.4.1` 的 `spacetime-x86_64-unknown-linux-gnu.tar.gz` 和 `otelcol-contrib_0.151.0_linux_amd64.tar.gz` 并生成 `provision-tools/`；如果目标服务器下载需要代理，在 `PROVISION_DOWNLOAD_PROXY` 配置目标机可访问的 HTTP 代理。
+- Server provision 不再通过 Windows helper 下载，也不再通过 Linux build 节点中转工具包。`Prepare Provision Tools` 在目标 dev / release agent 工作区内先检查 `/usr/local/bin/otelcol-contrib` 与 `${SPACETIME_ROOT}/bin/current`：版本已满足时直接复用目标机现有文件生成 `provision-tools/`，只有缺失或版本不匹配时才使用 `PROVISION_DOWNLOADS_DIR` 里的本地包或从配置的下载源准备 SpacetimeDB `2.4.1` / `otelcol-contrib 0.151.0`；如果目标服务器下载需要代理，在 `PROVISION_DOWNLOAD_PROXY` 配置目标机可访问的 HTTP 代理。
 - 除 `Genarrative-Server-Provision` 外，`Genarrative-Stdb-Module-Build`、`Genarrative-Web-Build`、`Genarrative-Api-Build`、`Genarrative-*Deploy`、`Genarrative-Database-Import/Export`、`Genarrative-Full-Build-And-Deploy` 和 `Genarrative-Notify-Email` 的生产流水线现都以 Linux agent 为主，仍按各自 Jenkinsfile 的 checkout 口径执行。Server provision 不使用公网备用 Git 源。
 - `otelcol-contrib.service` 作为可选系统服务加入 provision，默认监听 `127.0.0.1:4317/4318` 并使用 `deploy/otelcol/genarrative-debug.yaml`。api-server 是否发送 OTLP 仍由 `GENARRATIVE_OTEL_ENABLED` 控制，服务 unit 见 `deploy/systemd/otelcol-contrib.service`。
 - Nginx `/api/` 与 `/admin/api/` 通过 `genarrative_api` upstream 代理到 `127.0.0.1:8082`，upstream keepalive 为 64；`limit_conn` 负责连接 / 并发保护，`limit_req` 负责入口 RPS 快拒绝。当前模板把公开 gallery list 单独放到 `genarrative_gallery_rps`，默认 `rate=5000r/s`、`burst=4096`、`limit_conn=320`；公开详情和普通 API 放到 `genarrative_api_rps`，后台 API 放到 `genarrative_admin_rps`。通用 `/api` location 设置 `client_max_body_size 64m` 是反代兜底，防止拼图入口页 / 新增关卡本地参考图 Data URL 或旧兼容请求在到达 `api-server` 前被默认 1 MiB 上限拦截；拼图本地参考图前后端统一限制 6MB，历史图片仍提交 `referenceImageAssetObjectId(s)`。若线上出现 `413 Request Entity Too Large` 且 access log 中 `request_time=0.000`、`upstream_status=-`，说明请求在 Nginx 层被拦截，先用 `nginx -T | grep client_max_body_size` 检查 release 模板是否已渲染并 reload，同时检查前端是否超出 6MB 或错误提交了未压缩大图。`limit_conn_status 429` 和 `limit_req_status 429` 必须在 HTTP 与 HTTPS server 中同时生效；若线上压测看到 `limiting connections by zone "genarrative_api_conn"` 却返回 503，优先检查 `nginx -T` 里 HTTPS server 是否缺少这些状态码，以及 `/api/runtime/puzzle/gallery` 是否误落到通用 `location ~ ^/api` 的 `limit_conn=64`。压测时看 `/var/log/nginx/genarrative.access.log` 中的 `request_time`、`upstream_connect_time`、`upstream_header_time`、`upstream_response_time`、`upstream_status`、`request_id`。
diff --git a/jenkins/Jenkinsfile.production-server-provision b/jenkins/Jenkinsfile.production-server-provision
index 9e6da12d..eb5ceb77 100644
--- a/jenkins/Jenkinsfile.production-server-provision
+++ b/jenkins/Jenkinsfile.production-server-provision
@@ -164,6 +164,7 @@ BASH
                 PROVISION_DOWNLOAD_PROXY="${PROVISION_DOWNLOAD_PROXY:-}" \
                 SPACETIME_DOWNLOAD_ROOT="${SPACETIME_DOWNLOAD_ROOT:-https://github.com/clockworklabs/SpacetimeDB/releases/download/v2.4.1}" \
                 SPACETIME_TARGET_HOST="${SPACETIME_TARGET_HOST:-x86_64-unknown-linux-gnu}" \
+                SPACETIME_ROOT="${SPACETIME_ROOT:-/stdb}" \
                 scripts/prepare-server-provision-tools.sh
               '
             '''
diff --git a/scripts/check-server-provision-tools.sh b/scripts/check-server-provision-tools.sh
new file mode 100755
index 00000000..0401529b
--- /dev/null
+++ b/scripts/check-server-provision-tools.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+REPO_ROOT="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")/.." && pwd)"
+TMP_ROOT="$(mktemp -d)"
+trap 'rm -rf "${TMP_ROOT}"' EXIT
+
+WORK_DIR="${TMP_ROOT}/workspace"
+FAKE_BIN_DIR="${TMP_ROOT}/fake-bin"
+TARGET_BIN_DIR="${TMP_ROOT}/target-bin"
+SPACETIME_ROOT_DIR="${TMP_ROOT}/stdb"
+OUTPUT_LOG="${TMP_ROOT}/prepare.log"
+
+mkdir -p \
+  "${WORK_DIR}" \
+  "${FAKE_BIN_DIR}" \
+  "${TARGET_BIN_DIR}" \
+  "${SPACETIME_ROOT_DIR}/bin/current"
+
+cat >"${FAKE_BIN_DIR}/curl" <<'EOF'
+#!/usr/bin/env bash
+echo "curl should not be called when target tools are already ready" >&2
+exit 97
+EOF
+cat >"${FAKE_BIN_DIR}/wget" <<'EOF'
+#!/usr/bin/env bash
+echo "wget should not be called when target tools are already ready" >&2
+exit 97
+EOF
+chmod +x "${FAKE_BIN_DIR}/curl" "${FAKE_BIN_DIR}/wget"
+
+cat >"${TARGET_BIN_DIR}/otelcol-contrib" <<'EOF'
+#!/usr/bin/env bash
+echo "otelcol-contrib version 0.151.0"
+EOF
+chmod +x "${TARGET_BIN_DIR}/otelcol-contrib"
+
+cat >"${SPACETIME_ROOT_DIR}/bin/current/spacetimedb-cli" <<'EOF'
+#!/usr/bin/env bash
+echo "spacetimedb-cli 2.4.1"
+EOF
+cat >"${SPACETIME_ROOT_DIR}/bin/current/spacetimedb-standalone" <<'EOF'
+#!/usr/bin/env bash
+echo "spacetimedb-standalone 2.4.1"
+EOF
+chmod +x \
+  "${SPACETIME_ROOT_DIR}/bin/current/spacetimedb-cli" \
+  "${SPACETIME_ROOT_DIR}/bin/current/spacetimedb-standalone"
+
+if ! (
+  cd "${WORK_DIR}"
+  PATH="${FAKE_BIN_DIR}:${PATH}" \
+    WORKSPACE="${WORK_DIR}" \
+    PROVISION_TOOLS_DIR="provision-tools" \
+    PROVISION_DOWNLOADS_DIR="downloads" \
+    PROVISION_TOOLS_TMP_PARENT="${WORK_DIR}/.tmp/server-provision-tools" \
+    PROVISION_REQUIRE_LOCAL_DOWNLOADS="true" \
+    OTELCOL_TARGET_BIN="${TARGET_BIN_DIR}/otelcol-contrib" \
+    OTELCOL_VERSION="0.151.0" \
+    SPACETIME_ROOT="${SPACETIME_ROOT_DIR}" \
+    SPACETIME_EXPECTED_VERSION="2.4.1" \
+    "${REPO_ROOT}/scripts/prepare-server-provision-tools.sh" \
+    >"${OUTPUT_LOG}" 2>&1
+); then
+  echo "[check-server-provision-tools] prepare-server-provision-tools.sh 执行失败。" >&2
+  cat "${OUTPUT_LOG}" >&2
+  exit 1
+fi
+
+grep -q "复用目标机已有 otelcol-contrib" "${OUTPUT_LOG}"
+grep -q "复用目标机已有 SpacetimeDB 安装" "${OUTPUT_LOG}"
+grep -q "otelcol-contrib 0.151.0 target existing" "${WORK_DIR}/provision-tools/MANIFEST.txt"
+grep -q "spacetime target existing" "${WORK_DIR}/provision-tools/MANIFEST.txt"
+
+test -x "${WORK_DIR}/provision-tools/otelcol-contrib"
+test -x "${WORK_DIR}/provision-tools/spacetime/spacetime"
+test -x "${WORK_DIR}/provision-tools/spacetime/bin/current/spacetimedb-cli"
+test -x "${WORK_DIR}/provision-tools/spacetime/bin/current/spacetimedb-standalone"
+
+if grep -q "下载 " "${OUTPUT_LOG}"; then
+  echo "[check-server-provision-tools] 已有目标机工具时不应进入下载分支。" >&2
+  cat "${OUTPUT_LOG}" >&2
+  exit 1
+fi
+
+echo "[check-server-provision-tools] OK"
diff --git a/scripts/prepare-server-provision-tools.sh b/scripts/prepare-server-provision-tools.sh
index 8bbd8266..edb44a12 100755
--- a/scripts/prepare-server-provision-tools.sh
+++ b/scripts/prepare-server-provision-tools.sh
@@ -7,9 +7,12 @@ OTELCOL_VERSION="${OTELCOL_VERSION:-0.151.0}"
 PREPARE_OTELCOL="${PREPARE_OTELCOL:-${ENABLE_OTELCOL:-true}}"
 OTELCOL_DOWNLOAD_ROOT="${OTELCOL_DOWNLOAD_ROOT:-https://github.com/open-telemetry/opentelemetry-collector-releases/releases/download}"
 OTELCOL_ARCHIVE_PATH="${OTELCOL_ARCHIVE_PATH:-}"
+OTELCOL_TARGET_BIN="${OTELCOL_TARGET_BIN:-/usr/local/bin/otelcol-contrib}"
 SPACETIME_INSTALLER_URL="${SPACETIME_INSTALLER_URL:-https://install.spacetimedb.com}"
 SPACETIME_DOWNLOAD_ROOT="${SPACETIME_DOWNLOAD_ROOT:-https://github.com/clockworklabs/SpacetimeDB/releases/download/v2.4.1}"
 SPACETIME_TARGET_HOST="${SPACETIME_TARGET_HOST:-x86_64-unknown-linux-gnu}"
+SPACETIME_ROOT="${SPACETIME_ROOT:-/stdb}"
+SPACETIME_EXPECTED_VERSION="${SPACETIME_EXPECTED_VERSION:-}"
 SPACETIME_ARCHIVE_PATH="${SPACETIME_ARCHIVE_PATH:-}"
 SPACETIME_INSTALLER_PATH="${SPACETIME_INSTALLER_PATH:-}"
 SPACETIME_UPDATE_INSTALLER_PATH="${SPACETIME_UPDATE_INSTALLER_PATH:-}"
@@ -65,6 +68,60 @@ download_file() {
   fi
 }
 
+resolve_spacetime_expected_version() {
+  local download_root="${SPACETIME_DOWNLOAD_ROOT%/}"
+
+  if [[ -n "${SPACETIME_EXPECTED_VERSION}" ]]; then
+    printf "%s" "${SPACETIME_EXPECTED_VERSION}"
+    return
+  fi
+
+  if [[ "${download_root}" =~ /v([0-9]+(\.[0-9]+){1,2})$ ]]; then
+    printf "%s" "${BASH_REMATCH[1]}"
+  fi
+}
+
+target_otelcol_ready() {
+  local version_output
+
+  echo "[prepare-provision-tools] 检查目标机 otelcol-contrib: ${OTELCOL_TARGET_BIN}"
+  if [[ ! -x "${OTELCOL_TARGET_BIN}" ]]; then
+    echo "[prepare-provision-tools] 目标机 otelcol-contrib 不存在或不可执行，将准备交付文件。"
+    return 1
+  fi
+
+  version_output="$("${OTELCOL_TARGET_BIN}" --version 2>/dev/null || true)"
+  if [[ -n "${OTELCOL_VERSION}" && "${version_output}" != *"${OTELCOL_VERSION}"* ]]; then
+    echo "[prepare-provision-tools] 目标机 otelcol-contrib 版本不匹配，期望 ${OTELCOL_VERSION}，当前: ${version_output:-unknown}"
+    return 1
+  fi
+
+  echo "[prepare-provision-tools] 目标机 otelcol-contrib 已满足要求: ${version_output:-version unknown}"
+  return 0
+}
+
+target_spacetime_ready() {
+  local target_cli="${SPACETIME_ROOT}/bin/current/spacetimedb-cli"
+  local target_standalone="${SPACETIME_ROOT}/bin/current/spacetimedb-standalone"
+  local expected_version version_output
+
+  echo "[prepare-provision-tools] 检查目标机 SpacetimeDB: ${SPACETIME_ROOT}/bin/current"
+  if [[ ! -x "${target_cli}" || ! -x "${target_standalone}" ]]; then
+    echo "[prepare-provision-tools] 目标机 SpacetimeDB current 目录不完整，将准备交付文件。"
+    return 1
+  fi
+
+  expected_version="$(resolve_spacetime_expected_version)"
+  version_output="$("${target_cli}" --version 2>/dev/null || true)"
+  if [[ -n "${expected_version}" && "${version_output}" != *"${expected_version}"* ]]; then
+    echo "[prepare-provision-tools] 目标机 SpacetimeDB 版本不匹配，期望 ${expected_version}，当前: ${version_output:-unknown}"
+    return 1
+  fi
+
+  echo "[prepare-provision-tools] 目标机 SpacetimeDB 已满足要求: ${version_output:-version unknown}"
+  return 0
+}
+
 validate_relative_dir() {
   local label="$1"
   local path="$2"
@@ -101,13 +158,21 @@ prepare_otelcol() {
 
   require_cmd tar
 
+  if target_otelcol_ready; then
+    echo "[prepare-provision-tools] 复用目标机已有 otelcol-contrib: ${OTELCOL_TARGET_BIN}"
+    install -m 0755 "${OTELCOL_TARGET_BIN}" "${target}"
+    "${target}" --version >/dev/null
+    OTELCOL_SOURCE_DESCRIPTION="target existing ${OTELCOL_TARGET_BIN}"
+    return
+  fi
+
   if [[ -n "${OTELCOL_ARCHIVE_PATH}" && -f "${OTELCOL_ARCHIVE_PATH}" ]]; then
     source_archive="${OTELCOL_ARCHIVE_PATH}"
   elif [[ -n "${PROVISION_DOWNLOADS_DIR}" && -f "${downloaded_archive}" ]]; then
     source_archive="${downloaded_archive}"
   fi
   if [[ "${PROVISION_REQUIRE_LOCAL_DOWNLOADS}" == "true" && -z "${source_archive}" ]]; then
-    echo "[prepare-provision-tools] 要求使用 Windows 已下载的 otelcol-contrib 包，但未找到: ${downloaded_archive}" >&2
+    echo "[prepare-provision-tools] 要求使用本地已有的 otelcol-contrib 来源，但目标机未满足且未找到下载包: ${downloaded_archive}" >&2
     exit 1
   fi
 
@@ -146,6 +211,17 @@ prepare_spacetime() {
   local downloaded_installer="${PROVISION_DOWNLOADS_DIR}/spacetime-install.sh"
   local source_installer=""
 
+  if target_spacetime_ready; then
+    echo "[prepare-provision-tools] 复用目标机已有 SpacetimeDB 安装: ${SPACETIME_ROOT}/bin/current"
+    mkdir -p "${target_dir}"
+    cp -a "${SPACETIME_ROOT}/bin" "${target_dir}/bin"
+    chmod 0755 "${target_dir}/bin/current/spacetimedb-cli" "${target_dir}/bin/current/spacetimedb-standalone"
+    make_spacetime_wrapper "${target_dir}/spacetime"
+    "${target_dir}/spacetime" --version >/dev/null
+    SPACETIME_SOURCE_DESCRIPTION="target existing ${SPACETIME_ROOT}/bin/current"
+    return
+  fi
+
   mkdir -p "${install_root}"
   if [[ -n "${SPACETIME_ARCHIVE_PATH}" && -f "${SPACETIME_ARCHIVE_PATH}" ]]; then
     source_archive="${SPACETIME_ARCHIVE_PATH}"
@@ -165,7 +241,7 @@ prepare_spacetime() {
     source_update="${downloaded_update}"
   fi
   if [[ "${PROVISION_REQUIRE_LOCAL_DOWNLOADS}" == "true" && -z "${source_archive}" ]]; then
-    echo "[prepare-provision-tools] 要求使用 Windows 已下载的 SpacetimeDB release tarball，但未找到: ${downloaded_archive}" >&2
+    echo "[prepare-provision-tools] 要求使用本地已有的 SpacetimeDB release tarball，但目标机未满足且未找到下载包: ${downloaded_archive}" >&2
     exit 1
   fi
 
@@ -185,7 +261,7 @@ prepare_spacetime() {
     fi
 
     if [[ "${PROVISION_REQUIRE_LOCAL_DOWNLOADS}" == "true" && -z "${source_installer}" ]]; then
-      echo "[prepare-provision-tools] 要求使用 Windows 已下载的 SpacetimeDB 官方安装器脚本，但未找到: ${downloaded_installer}" >&2
+      echo "[prepare-provision-tools] 要求使用本地已有的 SpacetimeDB 官方安装器脚本，但未找到: ${downloaded_installer}" >&2
       exit 1
     elif [[ -n "${source_installer}" ]]; then
       echo "[prepare-provision-tools] 使用已下载的 SpacetimeDB 官方安装器脚本: ${source_installer}"

From 9db467d23f524dc34e25049e22d0edeeba26c34e Mon Sep 17 00:00:00 2001
From: kdletters <61648117+kdletters@users.noreply.github.com>
Date: Wed, 10 Jun 2026 11:35:39 +0800
Subject: [PATCH 3/9] =?UTF-8?q?=E8=A1=A5=E5=85=85=20release=20SpacetimeDB?=
 =?UTF-8?q?=20=E5=81=A5=E5=BA=B7=E6=A3=80=E6=9F=A5=E4=B8=8E=E5=B7=A1?=
 =?UTF-8?q?=E6=A3=80=E9=98=B2=E5=9B=9E=E9=80=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

增加 SpacetimeDB 阶段化健康检查与 /readyz 阶段输出
记录 procedure/reducer/read 失败的阶段和耗时
补充 release 健康巡检 systemd timer 与生产 ops 预检
同步 API 构建部署、provision 脚本和运维文档
---
 .hermes/shared-memory/pitfalls.md             |  16 +
 .../systemd/genarrative-health-patrol.service |  20 +
 .../systemd/genarrative-health-patrol.timer   |  13 +
 ...发运维】本地开发验证与生产运维-2026-05-15.md |  40 +-
 jenkins/Jenkinsfile.production-api-build      |   2 +-
 jenkins/Jenkinsfile.production-api-deploy     |   2 +-
 package.json                                  |   3 +-
 scripts/build-production-release.sh           |   5 +-
 scripts/check-production-ops-guardrails.mjs   |  64 +++
 scripts/deploy/production-api-deploy.sh       |  17 +-
 scripts/jenkins-server-provision.sh           |  20 +-
 scripts/ops/production-health-patrol.mjs      | 477 ++++++++++++++++++
 server-rs/crates/api-server/src/app.rs        |  40 ++
 server-rs/crates/api-server/src/config.rs     |  31 ++
 server-rs/crates/api-server/src/health.rs     |  33 +-
 server-rs/crates/api-server/src/state.rs      |  34 +-
 server-rs/crates/spacetime-client/src/lib.rs  | 400 +++++++++++++--
 17 files changed, 1147 insertions(+), 70 deletions(-)
 create mode 100644 deploy/systemd/genarrative-health-patrol.service
 create mode 100644 deploy/systemd/genarrative-health-patrol.timer
 create mode 100644 scripts/check-production-ops-guardrails.mjs
 create mode 100644 scripts/ops/production-health-patrol.mjs

diff --git a/.hermes/shared-memory/pitfalls.md b/.hermes/shared-memory/pitfalls.md
index 1b904428..2f0d3fd5 100644
--- a/.hermes/shared-memory/pitfalls.md
+++ b/.hermes/shared-memory/pitfalls.md
@@ -15,6 +15,22 @@
 - 关联：相关文件、文档、提交或 Issue
 ```
 
+## 生产冷备份后 API 不能只依赖 SpacetimeDB 自恢复
+
+- 现象：release 机器 `03:20` 冷备份后，`spacetimedb.service` 已恢复，但作品列表、创作入口配置或公开 gallery 继续超时 / 502 / 504，`genarrative-api.service` 保持 stopped。
+- 原因：`genarrative-api.service` 配置了 `Requires=spacetimedb.service`，冷备份停止 `spacetimedb.service` 时 API 会被 systemd 依赖关系一并停止；如果 `genarrative-database-backup.service` 只传 `--stop-service spacetimedb.service` 而漏掉 `--restart-service-after genarrative-api.service`，备份脚本只会恢复数据库，不会再拉起 API。
+- 处理：生产冷备份 unit 和发布脚本必须带 `--restart-service-after genarrative-api.service`；仓库用 `npm run check:production-ops` 检查 systemd 模板、API build/deploy 归档和健康巡检链路。现场修复后执行 `systemctl daemon-reload`，但不要为了验证而手动触发冷备份。
+- 验证：`systemctl cat genarrative-database-backup.service` 应包含该参数；`systemctl is-active spacetimedb.service genarrative-api.service nginx.service` 全为 `active`；`curl -fsS http://127.0.0.1:3101/v1/ping`、`/healthz`、`/readyz` 和代表性 `/api/runtime/puzzle/gallery` 均成功。
+- 关联：`deploy/systemd/genarrative-database-backup.service`、`scripts/database-backup-to-oss.mjs`、`scripts/ops/production-health-patrol.mjs`、`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
+
+## SpacetimeDB 45 秒超时要看 api-server 记录的阶段
+
+- 现象：release 上 Nginx 能立刻连到 `api-server`，但 `/api/runtime/*/gallery`、`/api/creation-entry/config` 等请求在约 `GENARRATIVE_SPACETIME_PROCEDURE_TIMEOUT_SECONDS` 后返回 `502` / `504`。
+- 原因：旧日志只能看到 HTTP 总耗时和最终状态，无法区分卡在连接池、SDK 建连、等待 `on_connect`、订阅 read model、等待 procedure / reducer 回调还是本地订阅 cache 读取。
+- 处理：`spacetime-client` 内置阶段化健康检查和失败日志；`/readyz` 用 `GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS` 短窗口检查 SpacetimeDB 连接租约，业务失败日志包含 `operation_kind`、`operation_name`、`spacetime_stage`、`elapsed_ms`。
+- 验证：`/readyz` 失败时看 `details.spacetime.stage`；业务请求超时时查 `journalctl -u genarrative-api.service` 中同一时间窗口的 `SpacetimeDB client operation failed`，优先按 `pool_acquire`、`connect_build`、`connect_handshake`、`read_model_subscribe`、`procedure_result`、`reducer_result`、`read_cache` 分阶段处理。
+- 关联：`server-rs/crates/spacetime-client/src/lib.rs`、`server-rs/crates/api-server/src/health.rs`、`docs/【开发运维】本地开发验证与生产运维-2026-05-15.md`。
+
 ## 新建草稿扣费不能和入口卡泥点配置分离
 
 - 现象：后台修改创作入口的 `mudPointCost` 后，入口卡和前置余额提示可能显示新数值，但用户真实钱包流水仍按代码常量扣除。
diff --git a/deploy/systemd/genarrative-health-patrol.service b/deploy/systemd/genarrative-health-patrol.service
new file mode 100644
index 00000000..2ef7d26c
--- /dev/null
+++ b/deploy/systemd/genarrative-health-patrol.service
@@ -0,0 +1,20 @@
+[Unit]
+Description=Genarrative Production Health Patrol
+After=network-online.target genarrative-api.service spacetimedb.service nginx.service
+Wants=network-online.target
+ConditionPathExists=/opt/genarrative/current/scripts/ops/production-health-patrol.mjs
+
+[Service]
+Type=oneshot
+User=root
+Group=root
+WorkingDirectory=/opt/genarrative/current
+EnvironmentFile=-/etc/genarrative/health-patrol.env
+ExecStart=/usr/bin/node /opt/genarrative/current/scripts/ops/production-health-patrol.mjs --status-file /var/lib/genarrative/health-patrol/status.json
+TimeoutStartSec=30
+
+# 巡检只读 systemd、HTTP 和 journal；只允许写入自己的最近一次状态文件。
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=full
+ReadWritePaths=/var/lib/genarrative/health-patrol
diff --git a/deploy/systemd/genarrative-health-patrol.timer b/deploy/systemd/genarrative-health-patrol.timer
new file mode 100644
index 00000000..e29bfdc2
--- /dev/null
+++ b/deploy/systemd/genarrative-health-patrol.timer
@@ -0,0 +1,13 @@
+[Unit]
+Description=Run Genarrative Production Health Patrol
+
+[Timer]
+OnBootSec=2min
+OnCalendar=*-*-* *:0/5:00
+Persistent=true
+RandomizedDelaySec=30
+AccuracySec=30s
+Unit=genarrative-health-patrol.service
+
+[Install]
+WantedBy=timers.target
diff --git a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
index 4797b4d4..d2b630ac 100644
--- a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
+++ b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
@@ -96,6 +96,7 @@ npm run admin-web:typecheck
 ```bash
 npm run check:encoding
 npm run check:spacetime-schema
+npm run check:production-ops
 npm run check:server-rs-ddd
 npm run lint:eslint
 npm run typecheck
@@ -217,7 +218,7 @@ UI 相关修改要重点验证：
 npm run database:backup:oss -- --data-dir /stdb --stop-service spacetimedb.service --restart-service-after genarrative-api.service
 ```
 
-脚本会将数据目录打包成 `tar.gz`，上传到 `oss://<bucket>/<prefix>/<database>/<database>-<UTC时间>.tar.gz`。生产建议做冷备份：传入 `--stop-service spacetimedb.service`，脚本会在打包前停止服务、打包后恢复服务，再上传 OSS；因 `genarrative-api.service` 依赖 `spacetimedb.service`，生产定时冷备份还必须传入 `--restart-service-after genarrative-api.service`，确保备份后 API 随数据库一起恢复。由于 OSS 上传可能受服务器带宽限制，`Genarrative-Stdb-Module-Publish` 默认使用 `DATABASE_BACKUP_MODE=async`：先在 publish 前用 `--defer-upload` 生成本地冷备份和 `.manifest.json`，随后继续执行 publish；发布脚本退出前会用后台 `node ... --upload-archive <tar.gz>` 上传同一份发布前备份，不等待上传完成。发布脚本在校验 wasm 后、执行 `spacetime publish` 前会等待显式 `SPACETIME_SERVER_URL` 的 `/v1/ping` 就绪，默认最多等待 `60` 秒；如生产机器冷备份恢复 `spacetimedb.service` 较慢，可临时设置 `GENARRATIVE_STDB_PUBLISH_READY_TIMEOUT_SECONDS` 调整等待时间。需要强一致发布闸门时改用 `DATABASE_BACKUP_MODE=sync`（等价脚本参数 `--backup-mode sync`），备份会在 publish 前同步打包并上传，失败会阻断 publish；确认已有其他备份窗口时才使用 `DATABASE_BACKUP_MODE=skip`（兼容脚本参数 `--skip-backup`）。若业务不能接受停机窗口，应先规划 SpacetimeDB 原生快照或主备策略，不要直接在写入中的数据目录上做热拷贝并当作强一致备份。
+脚本会将数据目录打包成 `tar.gz`，上传到 `oss://<bucket>/<prefix>/<database>/<database>-<UTC时间>.tar.gz`。生产建议做冷备份：传入 `--stop-service spacetimedb.service`，脚本会在打包前停止服务、打包后恢复服务，再上传 OSS；因 `genarrative-api.service` 依赖 `spacetimedb.service`，生产定时冷备份还必须传入 `--restart-service-after genarrative-api.service`，确保备份后 API 随数据库一起恢复。`2026-06-10` release 故障就是现场 unit 漏掉该参数，`03:20` 冷备份停止 SpacetimeDB 后 API 被依赖关系一并停止，备份脚本只恢复了 SpacetimeDB，API 直到人工重启前都不可用；后续现场变更、provision 模板和 Jenkins 归档都必须通过 `npm run check:production-ops` 防止回退。由于 OSS 上传可能受服务器带宽限制，`Genarrative-Stdb-Module-Publish` 默认使用 `DATABASE_BACKUP_MODE=async`：先在 publish 前用 `--defer-upload` 生成本地冷备份和 `.manifest.json`，随后继续执行 publish；发布脚本退出前会用后台 `node ... --upload-archive <tar.gz>` 上传同一份发布前备份，不等待上传完成。发布脚本在校验 wasm 后、执行 `spacetime publish` 前会等待显式 `SPACETIME_SERVER_URL` 的 `/v1/ping` 就绪，默认最多等待 `60` 秒；如生产机器冷备份恢复 `spacetimedb.service` 较慢，可临时设置 `GENARRATIVE_STDB_PUBLISH_READY_TIMEOUT_SECONDS` 调整等待时间。需要强一致发布闸门时改用 `DATABASE_BACKUP_MODE=sync`（等价脚本参数 `--backup-mode sync`），备份会在 publish 前同步打包并上传，失败会阻断 publish；确认已有其他备份窗口时才使用 `DATABASE_BACKUP_MODE=skip`（兼容脚本参数 `--skip-backup`）。若业务不能接受停机窗口，应先规划 SpacetimeDB 原生快照或主备策略，不要直接在写入中的数据目录上做热拷贝并当作强一致备份。
 
 生产环境变量模板在 `deploy/env/api-server.env.example`：
 
@@ -234,6 +235,17 @@ GENARRATIVE_DATABASE_BACKUP_OSS_ACCESS_KEY_SECRET=
 
 `GENARRATIVE_DATABASE_BACKUP_OSS_BUCKET` 为空时会回退 `ALIYUN_OSS_BUCKET`；AccessKey 默认复用 `ALIYUN_OSS_ACCESS_KEY_ID` / `ALIYUN_OSS_ACCESS_KEY_SECRET`，也可用 `GENARRATIVE_DATABASE_BACKUP_OSS_ACCESS_KEY_ID` / `GENARRATIVE_DATABASE_BACKUP_OSS_ACCESS_KEY_SECRET` 为备份 bucket 单独配置最小权限账号。`Genarrative-Server-Provision` 会创建 `/var/lib/genarrative/database-backups` 并归属 `genarrative:genarrative`，同时安装并启用 `genarrative-database-backup.timer`。手动检查定时器：`systemctl list-timers genarrative-database-backup.timer`；手动触发一次：`systemctl start genarrative-database-backup.service`。
 
+冷备份后必须做一次只读验收，不要只看 `genarrative-database-backup.service` 是否成功退出：
+
+```bash
+systemctl is-active spacetimedb.service genarrative-api.service nginx.service
+curl -fsS --max-time 5 http://127.0.0.1:3101/v1/ping
+curl -fsS --max-time 5 http://127.0.0.1:8082/healthz
+curl -fsS --max-time 5 http://127.0.0.1:8082/readyz
+curl -fsS --max-time 5 http://127.0.0.1/api/creation-entry/config >/dev/null
+curl -fsS --max-time 5 http://127.0.0.1/api/runtime/puzzle/gallery >/dev/null
+```
+
 ## 生产运维
 
 生产部署当前口径：
@@ -244,11 +256,32 @@ Nginx 负责站点和反向代理
 Jenkins 按 web / api / Spacetime module / build / deploy / publish 拆分
 ```
 
+### 生产健康巡检
+
+`Genarrative-Server-Provision` 会安装并启用 `genarrative-health-patrol.timer`，默认每 5 分钟运行一次 `genarrative-health-patrol.service`。巡检脚本随 API release 归档到 `/opt/genarrative/current/scripts/ops/production-health-patrol.mjs`，只读检查：
+
+- `genarrative-api.service`、`spacetimedb.service`、`nginx.service` 是否 active。
+- API 直连 `/healthz`、`/readyz`。
+- SpacetimeDB 直连 `/v1/ping`。
+- 默认直连 API 端口检查 `/api/creation-entry/config`、`/api/runtime/puzzle/gallery`、`/api/runtime/custom-world-gallery`；如需走 Nginx / 公网域名，在 `/etc/genarrative/health-patrol.env` 配置 `GENARRATIVE_HEALTH_PATROL_PUBLIC_BASE_URL=https://<域名>`。
+- 最近 15 分钟 `genarrative-api.service`、`spacetimedb.service`、`nginx.service` 的 `err..alert` 日志。
+
+巡检输出总状态 `OK / WARNING / CRITICAL`；只有 `CRITICAL` 默认让 systemd service 失败，`WARNING` 只写日志和状态文件，避免历史日志噪声把 timer 长期打成失败。最近一次结果写入 `/var/lib/genarrative/health-patrol/status.json`。手动执行：
+
+```bash
+systemctl start genarrative-health-patrol.service
+systemctl status genarrative-health-patrol.service --no-pager
+journalctl -u genarrative-health-patrol.service -n 80 --no-pager
+cat /var/lib/genarrative/health-patrol/status.json
+```
+
+如需接外部告警，可在 `/etc/genarrative/health-patrol.env` 配置 `GENARRATIVE_HEALTH_PATROL_WEBHOOK_URL`；脚本只会在 `WARNING` 或 `CRITICAL` 时向该 webhook 发送 JSON。未配置 webhook 时，告警来源是 systemd 失败状态、journal 和状态文件。
+
 `Genarrative-Web-Build` 的主站构建失败若出现 Rollup 报错 `"xxx" is not exported by "src/services/publicWorkCode.ts"`，优先按前端公开作品号工具缺失处理，而不是排查 Jenkins 节点环境。修复时要让 `publicWorkCode.ts` 的 `build<Play>PublicWorkCode` 与 `isSame<Play>PublicWorkCode` 成对导出，并补 `src/services/publicWorkCode.test.ts` 覆盖对应玩法前缀；随后用 `npm run build:production-release -- --component web --name <临时名>` 复现 Jenkins web 构建路径。
 
 `Genarrative-Web-Build` 会把 `build/<version>/web.tar.gz`、`web.tar.gz.sha256`、`release-manifest.json` 和 `scripts/deploy/production-web-deploy.sh` 直接归档为 Jenkins 构建产物；`Genarrative-Web-Deploy` 只通过 `copyArtifacts` 从指定上游构建复制这些产物和部署脚本，不再在目标机器 checkout Git，再执行随构建归档的 `scripts/deploy/production-web-deploy.sh`。Web 发布不再读取构建机本地缓存目录，也不再通过 release agent `rsync` 回构建机拉取大包；如果 deploy 找不到 `web.tar.gz`，应先检查上游 Web Build 是否按同一 `BUILD_VERSION` 成功归档产物。
 
-`Genarrative-Api-Build` 的 Jenkins 归档产物必须包含 `build/<version>/api-server`、`api-server.sha256`、`release-manifest.json`、`scripts/database-backup-to-oss.mjs`、`scripts/deploy/production-api-deploy.sh`、`scripts/deploy/maintenance-on.sh` 和 `scripts/deploy/maintenance-off.sh`。`deploy/systemd/genarrative-database-backup.service` 从 `/opt/genarrative/current/scripts/database-backup-to-oss.mjs` 执行冷备份，`Genarrative-Api-Deploy` 会从上游 API 构建产物复制部署脚本和备份脚本，不再在目标机器 checkout Git；如果 API 发布后 current release 中缺少该脚本，应先检查 `Genarrative-Api-Build` 的 `archiveArtifacts` 和 `Genarrative-Api-Deploy` 的 `copyArtifacts` 过滤器是否仍包含 `build/<version>/scripts/database-backup-to-oss.mjs`，不要只在部署机工作区手工补文件。
+`Genarrative-Api-Build` 的 Jenkins 归档产物必须包含 `build/<version>/api-server`、`api-server.sha256`、`release-manifest.json`、`scripts/database-backup-to-oss.mjs`、`scripts/ops/production-health-patrol.mjs`、`scripts/deploy/production-api-deploy.sh`、`scripts/deploy/maintenance-on.sh` 和 `scripts/deploy/maintenance-off.sh`。`deploy/systemd/genarrative-database-backup.service` 从 `/opt/genarrative/current/scripts/database-backup-to-oss.mjs` 执行冷备份，`deploy/systemd/genarrative-health-patrol.service` 从 `/opt/genarrative/current/scripts/ops/production-health-patrol.mjs` 执行巡检；`Genarrative-Api-Deploy` 会从上游 API 构建产物复制部署脚本、备份脚本和巡检脚本，不再在目标机器 checkout Git。如果 API 发布后 current release 中缺少这些脚本，应先检查 `Genarrative-Api-Build` 的 `archiveArtifacts` 和 `Genarrative-Api-Deploy` 的 `copyArtifacts` 过滤器是否仍包含 `build/<version>/scripts/database-backup-to-oss.mjs` 与 `build/<version>/scripts/ops/production-health-patrol.mjs`，不要只在部署机工作区手工补文件。
 
 `Genarrative-Stdb-Module-Build` 的 Jenkins 归档产物必须包含 `build/<version>/spacetime_module.wasm`、`spacetime_module.wasm.sha256`、`release-manifest.json`、`scripts/deploy/production-stdb-publish.sh`、`scripts/deploy/maintenance-on.sh`、`scripts/deploy/maintenance-off.sh` 和 `scripts/database-backup-to-oss.mjs`。`Genarrative-Stdb-Module-Publish` 只通过 `copyArtifacts` 复制这些产物和发布脚本，不再在目标机器 checkout Git；如果 publish 前备份脚本缺失，应先检查 Stdb Build 的归档列表和 Stdb Publish 的复制过滤器。
 
@@ -275,7 +308,8 @@ dev 服务器上的 Gitea 内网入口固定为 `http://10.2.0.10/GenarrativeAI/
 
 - `api-server` 生产模板默认 `GENARRATIVE_API_LISTEN_BACKLOG=1024`、`GENARRATIVE_API_WORKER_THREADS=4`；本地未设置 worker threads 时继续使用 Tokio 默认值。
 - `GENARRATIVE_API_MAX_CONCURRENT_REQUESTS=512` 开启应用内 HTTP 并发背压；`GENARRATIVE_API_GALLERY_MAX_CONCURRENT_REQUESTS=320`、`GENARRATIVE_API_DETAIL_MAX_CONCURRENT_REQUESTS=64`、`GENARRATIVE_API_ADMIN_MAX_CONCURRENT_REQUESTS=16` 分别限制公开列表、公开详情和后台 API 热路径。超过许可时直接返回 `429 Too Many Requests` 和 `Retry-After: 1`，`/healthz` 与 `/readyz` 不受该限制。这些值不是 RPS 限速；如果压测中 429 上升但内存和 p95 收敛，说明背压正在保护进程。直连 `api-server` 的极高 RPS 压测若出现 `connection refused`，通常已经打到 TCP 监听 / accept 层，应同时检查 backlog、Nginx upstream keepalive 和前置限流。
-- `api-server` 正常运行时 `/healthz` 返回进程存活状态，`/readyz` 返回是否仍接收新流量；收到 `SIGINT` / `SIGTERM` 后会先把 readiness 标记为不可用，再让 Axum 停止接新连接并等待已有 HTTP 请求排空。systemd 仍以 `KillSignal=SIGINT` 停服务，`TimeoutStopSec=90` 作为长请求排空上限。
+- `api-server` 正常运行时 `/healthz` 只返回进程存活状态，`/readyz` 会同时检查进程是否仍接收新流量和 SpacetimeDB 连接租约是否健康；收到 `SIGINT` / `SIGTERM` 后会先把 readiness 标记为不可用，再让 Axum 停止接新连接并等待已有 HTTP 请求排空。systemd 仍以 `KillSignal=SIGINT` 停服务，`TimeoutStopSec=90` 作为长请求排空上限。
+- SpacetimeDB 健康检查默认使用 `GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS=2` 的短等待窗口，和业务 procedure 的 `GENARRATIVE_SPACETIME_PROCEDURE_TIMEOUT_SECONDS` 分开。`/readyz` 失败时 `details.spacetime.stage` 会标出当前卡住阶段：`pool_acquire`、`connect_build`、`connect_handshake`、`read_model_subscribe`、`procedure_result`、`reducer_result` 或 `read_cache`；`elapsedMs` / `timeoutMs` 用于确认是否命中健康检查窗口。业务请求日志也会写入 `operation_kind`、`operation_name`、`spacetime_stage` 和 `elapsed_ms`，后续 45 秒超时不再只靠 Nginx `request_time=45s` 推断。
 - `genarrative-api.service` 设置 `LimitNOFILE=65535`、`TasksMax=2048`；上线后用 `systemctl show genarrative-api.service -p LimitNOFILE -p TasksMax -p TimeoutStopUSec` 和 `cat /proc/$(pidof api-server)/limits` 核对。
 - Server provision 不再通过 Windows helper 下载，也不再通过 Linux build 节点中转工具包。`Prepare Provision Tools` 在目标 dev / release agent 工作区内先检查 `/usr/local/bin/otelcol-contrib` 与 `${SPACETIME_ROOT}/bin/current`：版本已满足时直接复用目标机现有文件生成 `provision-tools/`，只有缺失或版本不匹配时才使用 `PROVISION_DOWNLOADS_DIR` 里的本地包或从配置的下载源准备 SpacetimeDB `2.4.1` / `otelcol-contrib 0.151.0`；如果目标服务器下载需要代理，在 `PROVISION_DOWNLOAD_PROXY` 配置目标机可访问的 HTTP 代理。
 - 除 `Genarrative-Server-Provision` 外，`Genarrative-Stdb-Module-Build`、`Genarrative-Web-Build`、`Genarrative-Api-Build`、`Genarrative-*Deploy`、`Genarrative-Database-Import/Export`、`Genarrative-Full-Build-And-Deploy` 和 `Genarrative-Notify-Email` 的生产流水线现都以 Linux agent 为主，仍按各自 Jenkinsfile 的 checkout 口径执行。Server provision 不使用公网备用 Git 源。
diff --git a/jenkins/Jenkinsfile.production-api-build b/jenkins/Jenkinsfile.production-api-build
index d399ed2f..91aa966b 100644
--- a/jenkins/Jenkinsfile.production-api-build
+++ b/jenkins/Jenkinsfile.production-api-build
@@ -104,7 +104,7 @@ pipeline {
 
     stage('Archive') {
       steps {
-        archiveArtifacts artifacts: "build/${env.EFFECTIVE_BUILD_VERSION}/api-server,build/${env.EFFECTIVE_BUILD_VERSION}/api-server.sha256,build/${env.EFFECTIVE_BUILD_VERSION}/release-manifest.json,build/${env.EFFECTIVE_BUILD_VERSION}/scripts/database-backup-to-oss.mjs,scripts/deploy/production-api-deploy.sh,scripts/deploy/maintenance-on.sh,scripts/deploy/maintenance-off.sh", fingerprint: true
+        archiveArtifacts artifacts: "build/${env.EFFECTIVE_BUILD_VERSION}/api-server,build/${env.EFFECTIVE_BUILD_VERSION}/api-server.sha256,build/${env.EFFECTIVE_BUILD_VERSION}/release-manifest.json,build/${env.EFFECTIVE_BUILD_VERSION}/scripts/database-backup-to-oss.mjs,build/${env.EFFECTIVE_BUILD_VERSION}/scripts/ops/production-health-patrol.mjs,scripts/deploy/production-api-deploy.sh,scripts/deploy/maintenance-on.sh,scripts/deploy/maintenance-off.sh", fingerprint: true
       }
     }
 
diff --git a/jenkins/Jenkinsfile.production-api-deploy b/jenkins/Jenkinsfile.production-api-deploy
index db7809ce..152c181f 100644
--- a/jenkins/Jenkinsfile.production-api-deploy
+++ b/jenkins/Jenkinsfile.production-api-deploy
@@ -65,7 +65,7 @@ pipeline {
         copyArtifacts(
           projectName: params.BUILD_JOB_NAME,
           selector: specific(params.BUILD_NUMBER_TO_DEPLOY),
-          filter: "build/${params.BUILD_VERSION}/api-server,build/${params.BUILD_VERSION}/api-server.sha256,build/${params.BUILD_VERSION}/release-manifest.json,build/${params.BUILD_VERSION}/scripts/database-backup-to-oss.mjs,scripts/deploy/production-api-deploy.sh,scripts/deploy/maintenance-on.sh,scripts/deploy/maintenance-off.sh",
+          filter: "build/${params.BUILD_VERSION}/api-server,build/${params.BUILD_VERSION}/api-server.sha256,build/${params.BUILD_VERSION}/release-manifest.json,build/${params.BUILD_VERSION}/scripts/database-backup-to-oss.mjs,build/${params.BUILD_VERSION}/scripts/ops/production-health-patrol.mjs,scripts/deploy/production-api-deploy.sh,scripts/deploy/maintenance-on.sh,scripts/deploy/maintenance-off.sh",
           target: '.',
           fingerprintArtifacts: true
         )
diff --git a/package.json b/package.json
index 82883e4f..b9055ebf 100644
--- a/package.json
+++ b/package.json
@@ -27,6 +27,7 @@
     "clean": "node -e \"require('fs').rmSync('dist', { recursive: true, force: true })\"",
     "check:encoding": "node scripts/check-encoding.mjs",
     "check:spacetime-schema": "node scripts/check-spacetime-schema-guard.mjs",
+    "check:production-ops": "node scripts/check-production-ops-guardrails.mjs",
     "assets:child-motion-demo": "node scripts/generate-child-motion-demo-assets.mjs",
     "assets:match3d-style-references": "node scripts/generate-match3d-style-references.mjs",
     "check:visual-novel-vn11": "node scripts/check-visual-novel-vn11-negative-scan.mjs",
@@ -37,7 +38,7 @@
     "lint:guardrails": "npm run lint:eslint",
     "typecheck": "tsc -p tsconfig.typecheck-guardrails.json --noEmit",
     "typecheck:guardrails": "npm run typecheck",
-    "lint": "npm run check:encoding && npm run check:spacetime-schema && npm run lint:eslint && npm run typecheck",
+    "lint": "npm run check:encoding && npm run check:spacetime-schema && npm run check:production-ops && npm run lint:eslint && npm run typecheck",
     "lint:fix": "eslint . --ext .ts,.tsx,.js,.mjs,.cjs --fix && prettier --write .",
     "format": "prettier --write .",
     "format:check": "prettier --check .",
diff --git a/scripts/build-production-release.sh b/scripts/build-production-release.sh
index 80068924..19924c54 100644
--- a/scripts/build-production-release.sh
+++ b/scripts/build-production-release.sh
@@ -445,7 +445,7 @@ if [[ "${BUILD_SPACETIME}" -eq 1 ]]; then
   write_migration_bootstrap_secret_file
 fi
 
-mkdir -p "${TARGET_DIR}/scripts" "${TARGET_DIR}/deploy"
+mkdir -p "${TARGET_DIR}/scripts" "${TARGET_DIR}/scripts/ops" "${TARGET_DIR}/deploy"
 cp "${SCRIPT_DIR}/deploy/maintenance-on.sh" "${TARGET_DIR}/scripts/maintenance-on.sh"
 cp "${SCRIPT_DIR}/deploy/maintenance-off.sh" "${TARGET_DIR}/scripts/maintenance-off.sh"
 cp "${SCRIPT_DIR}/deploy/maintenance-status.sh" "${TARGET_DIR}/scripts/maintenance-status.sh"
@@ -466,6 +466,7 @@ copy_required_file "${SCRIPT_DIR}/spacetime-migration-common.mjs" "${TARGET_DIR}
 copy_required_file "${SCRIPT_DIR}/spacetime-authorize-migration-operator.mjs" "${TARGET_DIR}/scripts/spacetime-authorize-migration-operator.mjs" "数据库迁移授权脚本"
 copy_required_file "${SCRIPT_DIR}/spacetime-revoke-migration-operator.mjs" "${TARGET_DIR}/scripts/spacetime-revoke-migration-operator.mjs" "数据库迁移撤权脚本"
 copy_required_file "${SCRIPT_DIR}/database-backup-to-oss.mjs" "${TARGET_DIR}/scripts/database-backup-to-oss.mjs" "数据库 OSS 备份脚本"
+copy_required_file "${SCRIPT_DIR}/ops/production-health-patrol.mjs" "${TARGET_DIR}/scripts/ops/production-health-patrol.mjs" "生产健康巡检脚本"
 
 copy_required_dir "${REPO_ROOT}/deploy/systemd" "${TARGET_DIR}/deploy/systemd" "systemd 配置"
 copy_required_dir "${REPO_ROOT}/deploy/nginx" "${TARGET_DIR}/deploy/nginx" "Nginx 配置"
@@ -485,7 +486,7 @@ cat >"${TARGET_DIR}/README.md" <<EOF
 - \`migration-bootstrap-secret.txt\`：构建 \`spacetime_module.wasm\` 时注入的迁移引导密钥，仅用于创建首个迁移操作员；请作为敏感文件保存到 Jenkins Secret Text，授权完成后不要长期留在公开归档中。
 - \`*.sha256\`：发布产物 checksum，用于部署前校验。
 - \`release-manifest.json\`：发布版本、源码 commit 与产物清单。
-- \`scripts/\`：维护模式脚本、数据库导入导出脚本、数据库 OSS 备份脚本、迁移授权脚本和 Jenkins inbound agent systemd 安装脚本。
+- \`scripts/\`：维护模式脚本、数据库导入导出脚本、数据库 OSS 备份脚本、生产健康巡检脚本、迁移授权脚本和 Jenkins inbound agent systemd 安装脚本。
 - \`deploy/\`：systemd、Nginx 和生产环境变量示例；\`deploy/nginx/genarrative-dev-http.conf\` 仅供无域名开发服初始化使用。
 
 ## 生产部署口径
diff --git a/scripts/check-production-ops-guardrails.mjs b/scripts/check-production-ops-guardrails.mjs
new file mode 100644
index 00000000..6a8537f0
--- /dev/null
+++ b/scripts/check-production-ops-guardrails.mjs
@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+
+import {readFileSync} from 'node:fs';
+
+const checks = [
+  {
+    file: 'deploy/systemd/genarrative-database-backup.service',
+    includes: '--restart-service-after genarrative-api.service',
+    reason: '生产冷备份恢复 SpacetimeDB 后必须显式拉起依赖它的 API 服务。',
+  },
+  {
+    file: 'deploy/systemd/genarrative-health-patrol.service',
+    includes: 'scripts/ops/production-health-patrol.mjs',
+    reason: '健康巡检 systemd service 必须调用随 API release 发布的巡检脚本。',
+  },
+  {
+    file: 'deploy/systemd/genarrative-health-patrol.timer',
+    includes: 'genarrative-health-patrol.service',
+    reason: '健康巡检 timer 必须绑定巡检 service。',
+  },
+  {
+    file: 'scripts/jenkins-server-provision.sh',
+    includes: 'genarrative-health-patrol.timer',
+    reason: 'Server-Provision 必须安装并启用健康巡检 timer。',
+  },
+  {
+    file: 'scripts/build-production-release.sh',
+    includes: 'production-health-patrol.mjs',
+    reason: '生产 API release 必须携带健康巡检脚本。',
+  },
+  {
+    file: 'scripts/deploy/production-api-deploy.sh',
+    includes: 'production-health-patrol.mjs',
+    reason: 'API deploy 必须把健康巡检脚本复制到 current release。',
+  },
+  {
+    file: 'jenkins/Jenkinsfile.production-api-build',
+    includes: 'scripts/ops/production-health-patrol.mjs',
+    reason: 'API Build 归档必须包含健康巡检脚本。',
+  },
+  {
+    file: 'jenkins/Jenkinsfile.production-api-deploy',
+    includes: 'scripts/ops/production-health-patrol.mjs',
+    reason: 'API Deploy 复制上游产物时必须包含健康巡检脚本。',
+  },
+];
+
+let failed = false;
+
+for (const check of checks) {
+  const content = readFileSync(check.file, 'utf8');
+  if (!content.includes(check.includes)) {
+    failed = true;
+    console.error(
+      `[check:production-ops] ${check.file} 缺少 ${check.includes}。${check.reason}`,
+    );
+  }
+}
+
+if (failed) {
+  process.exit(1);
+}
+
+console.log('[check:production-ops] OK');
diff --git a/scripts/deploy/production-api-deploy.sh b/scripts/deploy/production-api-deploy.sh
index 6fd2c121..14029c52 100644
--- a/scripts/deploy/production-api-deploy.sh
+++ b/scripts/deploy/production-api-deploy.sh
@@ -334,7 +334,9 @@ chmod +x "${RELEASE_DIR}/api-server"
 
 BACKUP_SCRIPT_SOURCE="${SOURCE_DIR}/scripts/database-backup-to-oss.mjs"
 WORKSPACE_BACKUP_SCRIPT_SOURCE="$(cd "${SCRIPT_DIR}/../.." && pwd)/scripts/database-backup-to-oss.mjs"
-mkdir -p "${RELEASE_DIR}/scripts"
+HEALTH_PATROL_SCRIPT_SOURCE="${SOURCE_DIR}/scripts/ops/production-health-patrol.mjs"
+WORKSPACE_HEALTH_PATROL_SCRIPT_SOURCE="$(cd "${SCRIPT_DIR}/../.." && pwd)/scripts/ops/production-health-patrol.mjs"
+mkdir -p "${RELEASE_DIR}/scripts" "${RELEASE_DIR}/scripts/ops"
 if [[ ! -f "${BACKUP_SCRIPT_SOURCE}" ]]; then
   if [[ -f "${WORKSPACE_BACKUP_SCRIPT_SOURCE}" ]]; then
     echo "[production-api-deploy] 发布产物缺少 scripts/database-backup-to-oss.mjs，回退使用部署工作区脚本；请重新触发包含该脚本的 API 构建。" >&2
@@ -346,6 +348,19 @@ if [[ ! -f "${BACKUP_SCRIPT_SOURCE}" ]]; then
 fi
 cp "${BACKUP_SCRIPT_SOURCE}" "${RELEASE_DIR}/scripts/database-backup-to-oss.mjs"
 chmod 0644 "${RELEASE_DIR}/scripts/database-backup-to-oss.mjs"
+if [[ ! -f "${HEALTH_PATROL_SCRIPT_SOURCE}" ]]; then
+  if [[ -f "${WORKSPACE_HEALTH_PATROL_SCRIPT_SOURCE}" ]]; then
+    echo "[production-api-deploy] 发布产物缺少 scripts/ops/production-health-patrol.mjs，回退使用部署工作区脚本；请重新触发包含该脚本的 API 构建。" >&2
+    HEALTH_PATROL_SCRIPT_SOURCE="${WORKSPACE_HEALTH_PATROL_SCRIPT_SOURCE}"
+  else
+    echo "[production-api-deploy] 未找到生产健康巡检脚本，跳过复制；genarrative-health-patrol.service 会因脚本缺失而跳过执行。" >&2
+    HEALTH_PATROL_SCRIPT_SOURCE=""
+  fi
+fi
+if [[ -n "${HEALTH_PATROL_SCRIPT_SOURCE}" ]]; then
+  cp "${HEALTH_PATROL_SCRIPT_SOURCE}" "${RELEASE_DIR}/scripts/ops/production-health-patrol.mjs"
+  chmod 0644 "${RELEASE_DIR}/scripts/ops/production-health-patrol.mjs"
+fi
 
 if [[ -f "${SOURCE_DIR}/release-manifest.json" ]]; then
   cp "${SOURCE_DIR}/release-manifest.json" "${RELEASE_DIR}/release-manifest.api-server.json"
diff --git a/scripts/jenkins-server-provision.sh b/scripts/jenkins-server-provision.sh
index 5d3535ed..9f399e84 100755
--- a/scripts/jenkins-server-provision.sh
+++ b/scripts/jenkins-server-provision.sh
@@ -732,10 +732,20 @@ render_database_backup_service() {
     deploy/systemd/genarrative-database-backup.service
 }
 
+render_health_patrol_service() {
+  local current_escaped
+  current_escaped="$(escape_sed_replacement "${CURRENT_LINK}")"
+  sed \
+    -e "s|/opt/genarrative/current|${current_escaped}|g" \
+    deploy/systemd/genarrative-health-patrol.service
+}
+
 require_path deploy/systemd/spacetimedb.service
 require_path deploy/systemd/genarrative-api.service
 require_path deploy/systemd/genarrative-database-backup.service
 require_path deploy/systemd/genarrative-database-backup.timer
+require_path deploy/systemd/genarrative-health-patrol.service
+require_path deploy/systemd/genarrative-health-patrol.timer
 require_path deploy/systemd/otelcol-contrib.service
 require_path deploy/otelcol/genarrative-debug.yaml
 require_path deploy/nginx/genarrative.conf
@@ -754,7 +764,7 @@ echo "[server-provision] target=${DEPLOY_TARGET}, dry_run=${DRY_RUN}, nginx_conf
 run_cmd id
 require_root_for_real_provision
 install_nginx_brotli_modules
-run_cmd mkdir -p "${SPACETIME_ROOT}" "${RELEASE_ROOT}" "$(dirname "${CURRENT_LINK}")" "$(dirname "${WEB_LINK}")" /etc/genarrative /var/lib/genarrative/maintenance /var/lib/genarrative/auth /var/lib/genarrative/tracking-outbox /var/lib/genarrative/database-backups
+run_cmd mkdir -p "${SPACETIME_ROOT}" "${RELEASE_ROOT}" "$(dirname "${CURRENT_LINK}")" "$(dirname "${WEB_LINK}")" /etc/genarrative /var/lib/genarrative/maintenance /var/lib/genarrative/auth /var/lib/genarrative/tracking-outbox /var/lib/genarrative/database-backups /var/lib/genarrative/health-patrol
 
 if ! id spacetimedb >/dev/null 2>&1; then
   run_cmd useradd --system --home-dir "${SPACETIME_ROOT}" --shell /usr/sbin/nologin spacetimedb
@@ -786,14 +796,18 @@ sync_spacetime_install "${SPACETIME_ROOT}"
 spacetimedb_service="$(mktemp)"
 api_service="$(mktemp)"
 database_backup_service="$(mktemp)"
+health_patrol_service="$(mktemp)"
 render_spacetimedb_service >"${spacetimedb_service}"
 render_api_service >"${api_service}"
 render_database_backup_service >"${database_backup_service}"
+render_health_patrol_service >"${health_patrol_service}"
 install_file "${spacetimedb_service}" /etc/systemd/system/spacetimedb.service 0644
 install_file "${api_service}" /etc/systemd/system/genarrative-api.service 0644
 install_file "${database_backup_service}" /etc/systemd/system/genarrative-database-backup.service 0644
 install_file deploy/systemd/genarrative-database-backup.timer /etc/systemd/system/genarrative-database-backup.timer 0644
-rm -f "${spacetimedb_service}" "${api_service}" "${database_backup_service}"
+install_file "${health_patrol_service}" /etc/systemd/system/genarrative-health-patrol.service 0644
+install_file deploy/systemd/genarrative-health-patrol.timer /etc/systemd/system/genarrative-health-patrol.timer 0644
+rm -f "${spacetimedb_service}" "${api_service}" "${database_backup_service}" "${health_patrol_service}"
 
 if [[ ! -f "${API_ENV_FILE}" ]]; then
   echo "+ create ${API_ENV_FILE} from example"
@@ -828,7 +842,7 @@ if [[ "${ENABLE_SERVICES}" == "true" ]]; then
   if [[ "${ENABLE_OTELCOL:-true}" == "true" ]]; then
     run_cmd systemctl enable otelcol-contrib.service
   fi
-  run_cmd systemctl enable spacetimedb.service genarrative-api.service genarrative-database-backup.timer
+  run_cmd systemctl enable spacetimedb.service genarrative-api.service genarrative-database-backup.timer genarrative-health-patrol.timer
   if [[ "${ENABLE_OTELCOL:-true}" == "true" ]]; then
     run_cmd systemctl restart otelcol-contrib.service
   fi
diff --git a/scripts/ops/production-health-patrol.mjs b/scripts/ops/production-health-patrol.mjs
new file mode 100644
index 00000000..219d8e29
--- /dev/null
+++ b/scripts/ops/production-health-patrol.mjs
@@ -0,0 +1,477 @@
+#!/usr/bin/env node
+
+import {execFile} from 'node:child_process';
+import http from 'node:http';
+import https from 'node:https';
+import {mkdir, writeFile} from 'node:fs/promises';
+import {dirname} from 'node:path';
+
+const STATUS_RANK = {
+  OK: 0,
+  WARNING: 1,
+  CRITICAL: 2,
+};
+
+const DEFAULT_PUBLIC_PATHS = [
+  '/api/creation-entry/config',
+  '/api/runtime/puzzle/gallery',
+  '/api/runtime/custom-world-gallery',
+];
+
+const DEFAULT_SERVICES = [
+  'genarrative-api.service',
+  'spacetimedb.service',
+  'nginx.service',
+];
+
+function usage() {
+  console.log(`Usage:
+  node scripts/ops/production-health-patrol.mjs [options]
+
+Options:
+  --api-base-url <url>          API direct base URL, default http://127.0.0.1:8082
+  --spacetime-base-url <url>    SpacetimeDB base URL, default http://127.0.0.1:3101
+  --public-base-url <url>       Nginx/public base URL, default http://127.0.0.1
+  --public-path <path>          Public API path to probe; repeatable
+  --status-file <path>          Write the last patrol result as JSON
+  --timeout-ms <ms>             HTTP/command timeout, default 5000
+  --slow-ms <ms>                Mark successful probes slower than this as WARNING, default 3000
+  --fail-on-warning             Exit 1 when the total status is WARNING
+  --skip-journal                Skip recent journal error scan
+  --json                        Print JSON instead of text
+`);
+}
+
+function readBoolEnv(name, fallback = false) {
+  const value = process.env[name];
+  if (!value) {
+    return fallback;
+  }
+  return ['1', 'true', 'yes', 'on'].includes(value.trim().toLowerCase());
+}
+
+function parsePositiveInt(raw, fallback) {
+  const value = Number.parseInt(String(raw ?? ''), 10);
+  return Number.isFinite(value) && value > 0 ? value : fallback;
+}
+
+function parseArgs(argv) {
+  const config = {
+    apiBaseUrl:
+      process.env.GENARRATIVE_HEALTH_PATROL_API_BASE_URL ||
+      'http://127.0.0.1:8082',
+    spacetimeBaseUrl:
+      process.env.GENARRATIVE_HEALTH_PATROL_SPACETIME_BASE_URL ||
+      'http://127.0.0.1:3101',
+    publicBaseUrl:
+      process.env.GENARRATIVE_HEALTH_PATROL_PUBLIC_BASE_URL ||
+      process.env.GENARRATIVE_HEALTH_PATROL_API_BASE_URL ||
+      'http://127.0.0.1:8082',
+    publicPaths: [],
+    statusFile: process.env.GENARRATIVE_HEALTH_PATROL_STATUS_FILE || '',
+    timeoutMs: parsePositiveInt(
+      process.env.GENARRATIVE_HEALTH_PATROL_TIMEOUT_MS,
+      5000,
+    ),
+    slowMs: parsePositiveInt(
+      process.env.GENARRATIVE_HEALTH_PATROL_SLOW_MS,
+      3000,
+    ),
+    failOnWarning: readBoolEnv('GENARRATIVE_HEALTH_PATROL_FAIL_ON_WARNING'),
+    skipJournal: readBoolEnv('GENARRATIVE_HEALTH_PATROL_SKIP_JOURNAL'),
+    json: false,
+    webhookUrl: process.env.GENARRATIVE_HEALTH_PATROL_WEBHOOK_URL || '',
+  };
+
+  for (let index = 0; index < argv.length; index += 1) {
+    const arg = argv[index];
+    switch (arg) {
+      case '-h':
+      case '--help':
+        usage();
+        process.exit(0);
+        break;
+      case '--api-base-url':
+        config.apiBaseUrl = requireValue(argv, ++index, arg);
+        break;
+      case '--spacetime-base-url':
+        config.spacetimeBaseUrl = requireValue(argv, ++index, arg);
+        break;
+      case '--public-base-url':
+        config.publicBaseUrl = requireValue(argv, ++index, arg);
+        break;
+      case '--public-path':
+        config.publicPaths.push(requireValue(argv, ++index, arg));
+        break;
+      case '--status-file':
+        config.statusFile = requireValue(argv, ++index, arg);
+        break;
+      case '--timeout-ms':
+        config.timeoutMs = parsePositiveInt(requireValue(argv, ++index, arg), 5000);
+        break;
+      case '--slow-ms':
+        config.slowMs = parsePositiveInt(requireValue(argv, ++index, arg), 3000);
+        break;
+      case '--fail-on-warning':
+        config.failOnWarning = true;
+        break;
+      case '--skip-journal':
+        config.skipJournal = true;
+        break;
+      case '--json':
+        config.json = true;
+        break;
+      default:
+        throw new Error(`未知参数: ${arg}`);
+    }
+  }
+
+  if (config.publicPaths.length === 0) {
+    config.publicPaths = DEFAULT_PUBLIC_PATHS;
+  }
+
+  return config;
+}
+
+function requireValue(argv, index, flag) {
+  const value = argv[index];
+  if (!value || value.startsWith('--')) {
+    throw new Error(`${flag} 缺少参数值`);
+  }
+  return value;
+}
+
+function joinUrl(baseUrl, path) {
+  const base = baseUrl.endsWith('/') ? baseUrl.slice(0, -1) : baseUrl;
+  const suffix = path.startsWith('/') ? path : `/${path}`;
+  return `${base}${suffix}`;
+}
+
+function maxStatus(checks) {
+  return checks.reduce((current, check) => {
+    return STATUS_RANK[check.status] > STATUS_RANK[current] ? check.status : current;
+  }, 'OK');
+}
+
+function checkResult(name, status, summary, details = {}) {
+  return {
+    name,
+    status,
+    summary,
+    ...details,
+  };
+}
+
+function runCommand(command, args, timeoutMs) {
+  return new Promise((resolve) => {
+    execFile(
+      command,
+      args,
+      {
+        timeout: timeoutMs,
+        windowsHide: true,
+        maxBuffer: 256 * 1024,
+      },
+      (error, stdout, stderr) => {
+        resolve({
+          command: [command, ...args].join(' '),
+          code:
+            typeof error?.code === 'number'
+              ? error.code
+              : error
+                ? 1
+                : 0,
+          signal: error?.signal || '',
+          stdout: String(stdout || ''),
+          stderr: String(stderr || ''),
+          timedOut: Boolean(error?.killed),
+          error: error ? error.message : '',
+        });
+      },
+    );
+  });
+}
+
+async function checkService(serviceName, timeoutMs) {
+  const result = await runCommand(
+    'systemctl',
+    ['is-active', serviceName],
+    timeoutMs,
+  );
+  const state = result.stdout.trim() || result.stderr.trim() || result.error;
+  if (result.code === 0 && state === 'active') {
+    return checkResult(`service:${serviceName}`, 'OK', 'active', {
+      command: result.command,
+    });
+  }
+
+  return checkResult(
+    `service:${serviceName}`,
+    'CRITICAL',
+    `服务状态异常: ${state || `exit ${result.code}`}`,
+    {
+      command: result.command,
+      stderr: result.stderr.trim(),
+    },
+  );
+}
+
+function requestUrl(url, timeoutMs) {
+  return new Promise((resolve) => {
+    const startedAt = Date.now();
+    const parsed = new URL(url);
+    const client = parsed.protocol === 'https:' ? https : http;
+    const request = client.request(
+      parsed,
+      {
+        method: 'GET',
+        timeout: timeoutMs,
+        headers: {
+          'User-Agent': 'genarrative-health-patrol/1.0',
+          Accept: 'application/json,text/plain,*/*',
+        },
+      },
+      (response) => {
+        let body = '';
+        response.setEncoding('utf8');
+        response.on('data', (chunk) => {
+          if (body.length < 2048) {
+            body += chunk;
+          }
+        });
+        response.on('end', () => {
+          resolve({
+            elapsedMs: Date.now() - startedAt,
+            statusCode: response.statusCode || 0,
+            body: body.slice(0, 2048),
+          });
+        });
+      },
+    );
+
+    request.on('timeout', () => {
+      request.destroy(new Error(`timeout after ${timeoutMs}ms`));
+    });
+    request.on('error', (error) => {
+      resolve({
+        elapsedMs: Date.now() - startedAt,
+        error: error.message,
+      });
+    });
+    request.end();
+  });
+}
+
+async function checkHttp(name, url, config) {
+  const result = await requestUrl(url, config.timeoutMs);
+  const curlCommand = `curl -fsS --max-time ${Math.ceil(config.timeoutMs / 1000)} ${url}`;
+
+  if (result.error) {
+    return checkResult(name, 'CRITICAL', `请求失败: ${result.error}`, {
+      command: curlCommand,
+      elapsedMs: result.elapsedMs,
+    });
+  }
+
+  const ok = result.statusCode >= 200 && result.statusCode < 300;
+  if (!ok) {
+    return checkResult(
+      name,
+      'CRITICAL',
+      `HTTP ${result.statusCode}，耗时 ${result.elapsedMs}ms`,
+      {
+        command: curlCommand,
+        elapsedMs: result.elapsedMs,
+        body: result.body.trim(),
+      },
+    );
+  }
+
+  if (result.elapsedMs > config.slowMs) {
+    return checkResult(
+      name,
+      'WARNING',
+      `HTTP ${result.statusCode} 但耗时偏高: ${result.elapsedMs}ms`,
+      {
+        command: curlCommand,
+        elapsedMs: result.elapsedMs,
+      },
+    );
+  }
+
+  return checkResult(name, 'OK', `HTTP ${result.statusCode} ${result.elapsedMs}ms`, {
+    command: curlCommand,
+    elapsedMs: result.elapsedMs,
+  });
+}
+
+async function checkRecentJournal(config) {
+  const args = [
+    '-u',
+    'genarrative-api.service',
+    '-u',
+    'spacetimedb.service',
+    '-u',
+    'nginx.service',
+    '--since',
+    '15 minutes ago',
+    '-p',
+    'err..alert',
+    '--no-pager',
+    '-o',
+    'short-iso',
+    '-n',
+    '20',
+  ];
+  const result = await runCommand('journalctl', args, config.timeoutMs);
+
+  if (result.code !== 0) {
+    return checkResult('journal:recent-errors', 'WARNING', '无法读取最近错误日志', {
+      command: result.command,
+      stderr: result.stderr.trim() || result.error,
+    });
+  }
+
+  const lines = result.stdout
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line && line !== '-- No entries --');
+
+  if (lines.length === 0) {
+    return checkResult('journal:recent-errors', 'OK', '最近 15 分钟无 err..alert 日志', {
+      command: result.command,
+    });
+  }
+
+  return checkResult(
+    'journal:recent-errors',
+    'WARNING',
+    `最近 15 分钟有 ${lines.length} 条 err..alert 日志`,
+    {
+      command: result.command,
+      lines,
+    },
+  );
+}
+
+async function writeStatusFile(statusFile, payload) {
+  if (!statusFile) {
+    return;
+  }
+  await mkdir(dirname(statusFile), {recursive: true});
+  await writeFile(statusFile, `${JSON.stringify(payload, null, 2)}\n`, 'utf8');
+}
+
+async function notifyWebhook(config, payload) {
+  if (!config.webhookUrl || payload.status === 'OK') {
+    return;
+  }
+
+  const body = JSON.stringify(payload);
+  const parsed = new URL(config.webhookUrl);
+  const client = parsed.protocol === 'https:' ? https : http;
+
+  await new Promise((resolve) => {
+    const request = client.request(
+      parsed,
+      {
+        method: 'POST',
+        timeout: config.timeoutMs,
+        headers: {
+          'Content-Type': 'application/json',
+          'Content-Length': Buffer.byteLength(body),
+        },
+      },
+      (response) => {
+        response.resume();
+        response.on('end', resolve);
+      },
+    );
+    request.on('timeout', () => {
+      request.destroy(new Error(`timeout after ${config.timeoutMs}ms`));
+    });
+    request.on('error', (error) => {
+      console.error(`[health-patrol] webhook notify failed: ${error.message}`);
+      resolve();
+    });
+    request.end(body);
+  });
+}
+
+function printText(payload) {
+  console.log(`[health-patrol] ${payload.status} ${payload.checkedAt}`);
+  for (const check of payload.checks) {
+    console.log(`[${check.status}] ${check.name}: ${check.summary}`);
+    if (check.command && check.status !== 'OK') {
+      console.log(`  command: ${check.command}`);
+    }
+    if (check.stderr) {
+      console.log(`  stderr: ${check.stderr}`);
+    }
+    if (check.body) {
+      console.log(`  body: ${check.body}`);
+    }
+    if (Array.isArray(check.lines) && check.lines.length > 0) {
+      for (const line of check.lines) {
+        console.log(`  ${line}`);
+      }
+    }
+  }
+}
+
+async function main() {
+  const config = parseArgs(process.argv.slice(2));
+  const checks = [];
+
+  for (const serviceName of DEFAULT_SERVICES) {
+    checks.push(await checkService(serviceName, config.timeoutMs));
+  }
+
+  checks.push(await checkHttp('api:/healthz', joinUrl(config.apiBaseUrl, '/healthz'), config));
+  checks.push(await checkHttp('api:/readyz', joinUrl(config.apiBaseUrl, '/readyz'), config));
+  checks.push(
+    await checkHttp(
+      'spacetimedb:/v1/ping',
+      joinUrl(config.spacetimeBaseUrl, '/v1/ping'),
+      config,
+    ),
+  );
+
+  for (const path of config.publicPaths) {
+    checks.push(
+      await checkHttp(`public:${path}`, joinUrl(config.publicBaseUrl, path), config),
+    );
+  }
+
+  if (!config.skipJournal) {
+    checks.push(await checkRecentJournal(config));
+  }
+
+  const payload = {
+    status: maxStatus(checks),
+    checkedAt: new Date().toISOString(),
+    host: process.env.HOSTNAME || '',
+    checks,
+  };
+
+  await writeStatusFile(config.statusFile, payload);
+  await notifyWebhook(config, payload);
+
+  if (config.json) {
+    console.log(JSON.stringify(payload, null, 2));
+  } else {
+    printText(payload);
+  }
+
+  if (payload.status === 'CRITICAL') {
+    process.exit(2);
+  }
+  if (payload.status === 'WARNING' && config.failOnWarning) {
+    process.exit(1);
+  }
+}
+
+main().catch((error) => {
+  console.error(`[health-patrol] CRITICAL ${error instanceof Error ? error.message : String(error)}`);
+  process.exit(2);
+});
diff --git a/server-rs/crates/api-server/src/app.rs b/server-rs/crates/api-server/src/app.rs
index a68f6db5..d9b4b0e3 100644
--- a/server-rs/crates/api-server/src/app.rs
+++ b/server-rs/crates/api-server/src/app.rs
@@ -269,6 +269,7 @@ mod tests {
     };
     use reqwest::Client;
     use serde_json::Value;
+    use spacetime_client::{SpacetimeClientHealthSnapshot, SpacetimeClientStage};
     use time::OffsetDateTime;
     use tokio::net::TcpListener;
     use tower::ServiceExt;
@@ -724,6 +725,45 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn readyz_reports_spacetime_health_stage() {
+        let state = AppState::new(AppConfig::default()).expect("state should build");
+        state.set_test_spacetime_health(SpacetimeClientHealthSnapshot {
+            ok: false,
+            stage: SpacetimeClientStage::ProcedureResult,
+            checked_at_micros: 1_713_680_000_000_000,
+            elapsed_ms: 2_000,
+            timeout_ms: 2_000,
+            error: Some("SpacetimeDB procedure 调用超时".to_string()),
+            last_success_at_micros: Some(1_713_679_999_000_000),
+            last_error: Some("SpacetimeDB procedure 调用超时".to_string()),
+        });
+        let app = build_router(state);
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .uri("/readyz")
+                    .header("x-request-id", "req-ready-spacetime")
+                    .body(Body::empty())
+                    .expect("readyz request should build"),
+            )
+            .await
+            .expect("readyz request should succeed");
+
+        assert_eq!(response.status(), StatusCode::SERVICE_UNAVAILABLE);
+        let body = read_json_response(response).await;
+        assert_eq!(body["error"]["details"]["reason"], "spacetime_unhealthy");
+        assert_eq!(
+            body["error"]["details"]["spacetime"]["stage"],
+            "procedure_result"
+        );
+        assert_eq!(
+            body["error"]["details"]["spacetime"]["timeoutMs"],
+            Value::from(2_000)
+        );
+    }
+
     #[tokio::test]
     async fn creative_agent_draft_edit_rejects_unconfirmed_template_session() {
         let app = build_internal_creative_agent_app();
diff --git a/server-rs/crates/api-server/src/config.rs b/server-rs/crates/api-server/src/config.rs
index 46a5f9f0..3ca4a2a6 100644
--- a/server-rs/crates/api-server/src/config.rs
+++ b/server-rs/crates/api-server/src/config.rs
@@ -12,6 +12,7 @@ use platform_speech::{
 
 const DEFAULT_INTERNAL_API_SECRET: &str = "genarrative-dev-internal-bridge";
 const SPACETIME_LOCAL_CONFIG_FILE: &str = "spacetime.local.json";
+const DEFAULT_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS: u64 = 2;
 pub(crate) const DEFAULT_VECTOR_ENGINE_IMAGE_REQUEST_TIMEOUT_MS: u64 = 1_000_000;
 
 // 集中管理 api-server 的启动配置，避免入口层直接散落环境变量解析逻辑。
@@ -118,6 +119,7 @@ pub struct AppConfig {
     pub spacetime_token: Option<String>,
     pub spacetime_pool_size: u32,
     pub spacetime_procedure_timeout: Duration,
+    pub spacetime_health_check_timeout: Duration,
     pub llm_provider: LlmProvider,
     pub llm_base_url: String,
     pub llm_api_key: Option<String>,
@@ -276,6 +278,9 @@ impl Default for AppConfig {
             spacetime_token: None,
             spacetime_pool_size: 4,
             spacetime_procedure_timeout: Duration::from_secs(30),
+            spacetime_health_check_timeout: Duration::from_secs(
+                DEFAULT_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS,
+            ),
             llm_provider: LlmProvider::Ark,
             llm_base_url: String::new(),
             llm_api_key: None,
@@ -704,6 +709,12 @@ impl AppConfig {
             config.spacetime_procedure_timeout =
                 Duration::from_secs(spacetime_procedure_timeout_seconds);
         }
+        if let Some(spacetime_health_check_timeout_seconds) =
+            read_first_duration_seconds_env(&["GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS"])
+        {
+            config.spacetime_health_check_timeout =
+                Duration::from_secs(spacetime_health_check_timeout_seconds);
+        }
 
         if let Some(llm_provider) =
             read_first_llm_provider_env(&["GENARRATIVE_LLM_PROVIDER", "LLM_PROVIDER"])
@@ -1610,6 +1621,26 @@ mod tests {
         }
     }
 
+    #[test]
+    fn from_env_reads_spacetime_health_check_timeout() {
+        let _guard = ENV_LOCK
+            .get_or_init(|| Mutex::new(()))
+            .lock()
+            .expect("env lock should not poison");
+
+        unsafe {
+            std::env::remove_var("GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS");
+            std::env::set_var("GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS", "3");
+        }
+
+        let config = AppConfig::from_env();
+        assert_eq!(config.spacetime_health_check_timeout.as_secs(), 3);
+
+        unsafe {
+            std::env::remove_var("GENARRATIVE_SPACETIME_HEALTH_CHECK_TIMEOUT_SECONDS");
+        }
+    }
+
     #[test]
     fn default_keeps_structured_llm_web_search_disabled() {
         let config = AppConfig::default();
diff --git a/server-rs/crates/api-server/src/health.rs b/server-rs/crates/api-server/src/health.rs
index ee83a012..c6df5026 100644
--- a/server-rs/crates/api-server/src/health.rs
+++ b/server-rs/crates/api-server/src/health.rs
@@ -10,6 +10,7 @@ use crate::{
     api_response::json_success_body, http_error::AppError, request_context::RequestContext,
     state::AppState,
 };
+use spacetime_client::SpacetimeClientHealthSnapshot;
 
 pub async fn health_check(Extension(request_context): Extension<RequestContext>) -> Json<Value> {
     json_success_body(
@@ -25,23 +26,49 @@ pub async fn readiness_check(
     State(state): State<AppState>,
     Extension(request_context): Extension<RequestContext>,
 ) -> Response {
-    if state.is_ready() {
+    if !state.is_ready() {
+        return AppError::from_status(StatusCode::SERVICE_UNAVAILABLE)
+            .with_message("api-server 正在退出，不再接收新流量")
+            .with_details(json!({
+                "reason": "api_server_draining",
+                "ready": false,
+            }))
+            .into_response_with_context(Some(&request_context));
+    }
+
+    let spacetime_health = state.spacetime_health_check().await;
+    if spacetime_health.ok {
         return json_success_body(
             Some(&request_context),
             json!({
                 "ok": true,
                 "ready": true,
                 "service": "genarrative-api-server",
+                "spacetime": spacetime_health_to_json(&spacetime_health),
             }),
         )
         .into_response();
     }
 
     AppError::from_status(StatusCode::SERVICE_UNAVAILABLE)
-        .with_message("api-server 正在退出，不再接收新流量")
+        .with_message("SpacetimeDB 连接健康检查失败，api-server 暂不接收新流量")
         .with_details(json!({
-            "reason": "api_server_draining",
+            "reason": "spacetime_unhealthy",
             "ready": false,
+            "spacetime": spacetime_health_to_json(&spacetime_health),
         }))
         .into_response_with_context(Some(&request_context))
 }
+
+fn spacetime_health_to_json(snapshot: &SpacetimeClientHealthSnapshot) -> Value {
+    json!({
+        "ok": snapshot.ok,
+        "stage": snapshot.stage.as_str(),
+        "checkedAtMicros": snapshot.checked_at_micros,
+        "elapsedMs": snapshot.elapsed_ms,
+        "timeoutMs": snapshot.timeout_ms,
+        "error": snapshot.error,
+        "lastSuccessAtMicros": snapshot.last_success_at_micros,
+        "lastError": snapshot.last_error,
+    })
+}
diff --git a/server-rs/crates/api-server/src/state.rs b/server-rs/crates/api-server/src/state.rs
index 49d0e381..3858914a 100644
--- a/server-rs/crates/api-server/src/state.rs
+++ b/server-rs/crates/api-server/src/state.rs
@@ -31,7 +31,9 @@ use platform_wechat::{WechatClient, WechatConfig, pay::WechatPayClient};
 use serde_json::Value;
 use shared_contracts::creation_entry_config::CreationEntryConfigResponse;
 use shared_contracts::creative_agent::CreativeAgentSessionSnapshot;
-use spacetime_client::{SpacetimeClient, SpacetimeClientConfig, SpacetimeClientError};
+use spacetime_client::{
+    SpacetimeClient, SpacetimeClientConfig, SpacetimeClientError, SpacetimeClientHealthSnapshot,
+};
 use time::OffsetDateTime;
 use tokio::sync::{Semaphore, broadcast};
 use tracing::{info, warn};
@@ -242,6 +244,8 @@ pub struct AppStateInner {
     refresh_cookie_config: RefreshCookieConfig,
     #[cfg(test)]
     test_creation_entry_config: Arc<Mutex<Option<CreationEntryConfigResponse>>>,
+    #[cfg(test)]
+    test_spacetime_health: Arc<Mutex<Option<SpacetimeClientHealthSnapshot>>>,
     oss_client: Option<OssClient>,
     #[cfg_attr(test, allow(dead_code))]
     auth_store: InMemoryAuthStore,
@@ -418,6 +422,10 @@ impl AppState {
             test_creation_entry_config: Arc::new(Mutex::new(Some(
                 crate::creation_entry_config::test_creation_entry_config_response(),
             ))),
+            #[cfg(test)]
+            test_spacetime_health: Arc::new(Mutex::new(Some(
+                SpacetimeClientHealthSnapshot::healthy_for_test(),
+            ))),
             oss_client,
             auth_store,
             password_entry_service,
@@ -467,6 +475,30 @@ impl AppState {
         self.ready.store(false, Ordering::Release);
     }
 
+    pub async fn spacetime_health_check(&self) -> SpacetimeClientHealthSnapshot {
+        #[cfg(test)]
+        if let Some(snapshot) = self
+            .test_spacetime_health
+            .lock()
+            .expect("test spacetime health should lock")
+            .clone()
+        {
+            return snapshot;
+        }
+
+        self.spacetime_client
+            .health_check(self.config.spacetime_health_check_timeout)
+            .await
+    }
+
+    #[cfg(test)]
+    pub(crate) fn set_test_spacetime_health(&self, snapshot: SpacetimeClientHealthSnapshot) {
+        *self
+            .test_spacetime_health
+            .lock()
+            .expect("test spacetime health should lock") = Some(snapshot);
+    }
+
     pub async fn upsert_creation_entry_type_config(
         &self,
         input: module_runtime::CreationEntryTypeAdminUpsertInput,
diff --git a/server-rs/crates/spacetime-client/src/lib.rs b/server-rs/crates/spacetime-client/src/lib.rs
index 20361ba8..6b43db21 100644
--- a/server-rs/crates/spacetime-client/src/lib.rs
+++ b/server-rs/crates/spacetime-client/src/lib.rs
@@ -105,8 +105,8 @@ pub mod auth;
 pub mod bark_battle;
 pub use bark_battle::{
     BarkBattleDraftConfigUpsertRecordInput, BarkBattleDraftCreateRecordInput,
-    BarkBattleRunFinishRecordInput, BarkBattleRunStartRecordInput,
-    BarkBattleWorkDeleteRecordInput, BarkBattleWorkPublishRecordInput,
+    BarkBattleRunFinishRecordInput, BarkBattleRunStartRecordInput, BarkBattleWorkDeleteRecordInput,
+    BarkBattleWorkPublishRecordInput,
 };
 pub mod big_fish;
 pub mod combat;
@@ -132,7 +132,7 @@ use std::{
     sync::atomic::{AtomicBool, Ordering},
     sync::{Arc, Mutex},
     thread::JoinHandle,
-    time::Duration,
+    time::{Duration, Instant},
 };
 
 use module_ai::{
@@ -241,6 +241,7 @@ use tokio::{
     sync::{OwnedSemaphorePermit, RwLock, Semaphore, oneshot},
     time::timeout,
 };
+use tracing::warn;
 
 use crate::module_bindings::*;
 
@@ -253,6 +254,60 @@ pub struct SpacetimeClientConfig {
     pub procedure_timeout: Duration,
 }
 
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub enum SpacetimeClientStage {
+    Ready,
+    PoolAcquire,
+    ConnectBuild,
+    ConnectHandshake,
+    ReadModelSubscribe,
+    ProcedureResult,
+    ReducerResult,
+    ReadCache,
+}
+
+impl SpacetimeClientStage {
+    pub fn as_str(self) -> &'static str {
+        match self {
+            Self::Ready => "ready",
+            Self::PoolAcquire => "pool_acquire",
+            Self::ConnectBuild => "connect_build",
+            Self::ConnectHandshake => "connect_handshake",
+            Self::ReadModelSubscribe => "read_model_subscribe",
+            Self::ProcedureResult => "procedure_result",
+            Self::ReducerResult => "reducer_result",
+            Self::ReadCache => "read_cache",
+        }
+    }
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct SpacetimeClientHealthSnapshot {
+    pub ok: bool,
+    pub stage: SpacetimeClientStage,
+    pub checked_at_micros: i64,
+    pub elapsed_ms: u64,
+    pub timeout_ms: u64,
+    pub error: Option<String>,
+    pub last_success_at_micros: Option<i64>,
+    pub last_error: Option<String>,
+}
+
+impl SpacetimeClientHealthSnapshot {
+    pub fn healthy_for_test() -> Self {
+        Self {
+            ok: true,
+            stage: SpacetimeClientStage::Ready,
+            checked_at_micros: current_unix_micros(),
+            elapsed_ms: 0,
+            timeout_ms: 0,
+            error: None,
+            last_success_at_micros: Some(current_unix_micros()),
+            last_error: None,
+        }
+    }
+}
+
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct AuthStoreSnapshotRecord {
     pub snapshot_json: Option<String>,
@@ -270,6 +325,7 @@ pub struct AuthStoreSnapshotImportRecord {
 pub struct SpacetimeClient {
     config: SpacetimeClientConfig,
     pool: Arc<SpacetimeConnectionPool>,
+    health_state: Arc<RwLock<SpacetimeClientHealthState>>,
     creation_entry_config_cache: Arc<RwLock<Option<CreationEntryConfigRecord>>>,
     custom_world_gallery_legacy_sync_attempted: Arc<AtomicBool>,
 }
@@ -296,6 +352,24 @@ struct SpacetimeConnectionPool {
     permits: Arc<Semaphore>,
 }
 
+#[derive(Debug, Default)]
+struct SpacetimeClientHealthState {
+    last_success_at_micros: Option<i64>,
+    last_error: Option<String>,
+}
+
+#[derive(Debug)]
+struct SpacetimeStageError {
+    stage: SpacetimeClientStage,
+    error: SpacetimeClientError,
+}
+
+impl SpacetimeStageError {
+    fn new(stage: SpacetimeClientStage, error: SpacetimeClientError) -> Self {
+        Self { stage, error }
+    }
+}
+
 struct PooledConnectionSlot {
     connection: Option<PooledConnection>,
     in_use: bool,
@@ -341,6 +415,7 @@ impl SpacetimeClient {
         Self {
             config,
             pool,
+            health_state: Arc::new(RwLock::new(SpacetimeClientHealthState::default())),
             creation_entry_config_cache: Arc::new(RwLock::new(None)),
             custom_world_gallery_legacy_sync_attempted: Arc::new(AtomicBool::new(false)),
         }
@@ -354,29 +429,58 @@ impl SpacetimeClient {
     where
         T: Send + 'static,
     {
+        let started_at = Instant::now();
         let metrics_guard = telemetry::begin_procedure(procedure);
         let (sender, receiver) = oneshot::channel();
         let result_sender = Arc::new(Mutex::new(Some(sender)));
-        let final_result = match self.acquire_connection().await {
+        let final_result = match self
+            .acquire_connection_with_timeout(self.config.procedure_timeout)
+            .await
+        {
             Ok(lease) => {
-                let result = if let Some(connection) = lease.connection.as_ref() {
+                let (result, failed_stage) = if let Some(connection) = lease.connection.as_ref() {
                     call(&connection.connection, result_sender.clone());
-                    match timeout(self.config.procedure_timeout, receiver).await {
-                        Ok(inner) => match inner {
-                            Ok(value) => value,
-                            Err(_) => Err(SpacetimeClientError::ConnectDropped),
+                    let stage = SpacetimeClientStage::ProcedureResult;
+                    (
+                        match timeout(self.config.procedure_timeout, receiver).await {
+                            Ok(inner) => match inner {
+                                Ok(value) => value,
+                                Err(_) => Err(SpacetimeClientError::ConnectDropped),
+                            },
+                            Err(_) => Err(Self::resolve_timeout_error(Some(connection), stage)),
                         },
-                        Err(_) => Err(Self::resolve_timeout_error(Some(connection))),
-                    }
+                        stage,
+                    )
                 } else {
-                    Err(SpacetimeClientError::Runtime(
-                        "SpacetimeDB 连接租约缺少连接".to_string(),
-                    ))
+                    (
+                        Err(SpacetimeClientError::Runtime(
+                            "SpacetimeDB 连接租约缺少连接".to_string(),
+                        )),
+                        SpacetimeClientStage::ProcedureResult,
+                    )
                 };
                 self.release_connection(lease).await;
+                if let Err(error) = &result {
+                    log_spacetime_client_failure(
+                        "procedure",
+                        procedure,
+                        failed_stage,
+                        started_at,
+                        error,
+                    );
+                }
                 result
             }
-            Err(error) => Err(error),
+            Err(error) => {
+                log_spacetime_client_failure(
+                    "procedure",
+                    procedure,
+                    error.stage,
+                    started_at,
+                    &error.error,
+                );
+                Err(error.error)
+            }
         };
 
         metrics_guard.finish(&final_result);
@@ -388,29 +492,58 @@ impl SpacetimeClient {
         procedure: &'static str,
         call: impl FnOnce(&DbConnection, ReducerResultSender) + Send + 'static,
     ) -> Result<(), SpacetimeClientError> {
+        let started_at = Instant::now();
         let metrics_guard = telemetry::begin_procedure(procedure);
         let (sender, receiver) = oneshot::channel();
         let result_sender = Arc::new(Mutex::new(Some(sender)));
-        let final_result = match self.acquire_connection().await {
+        let final_result = match self
+            .acquire_connection_with_timeout(self.config.procedure_timeout)
+            .await
+        {
             Ok(lease) => {
-                let result = if let Some(connection) = lease.connection.as_ref() {
+                let (result, failed_stage) = if let Some(connection) = lease.connection.as_ref() {
                     call(&connection.connection, result_sender.clone());
-                    match timeout(self.config.procedure_timeout, receiver).await {
-                        Ok(inner) => match inner {
-                            Ok(value) => value,
-                            Err(_) => Err(SpacetimeClientError::ConnectDropped),
+                    let stage = SpacetimeClientStage::ReducerResult;
+                    (
+                        match timeout(self.config.procedure_timeout, receiver).await {
+                            Ok(inner) => match inner {
+                                Ok(value) => value,
+                                Err(_) => Err(SpacetimeClientError::ConnectDropped),
+                            },
+                            Err(_) => Err(Self::resolve_timeout_error(Some(connection), stage)),
                         },
-                        Err(_) => Err(Self::resolve_timeout_error(Some(connection))),
-                    }
+                        stage,
+                    )
                 } else {
-                    Err(SpacetimeClientError::Runtime(
-                        "SpacetimeDB 连接租约缺少连接".to_string(),
-                    ))
+                    (
+                        Err(SpacetimeClientError::Runtime(
+                            "SpacetimeDB 连接租约缺少连接".to_string(),
+                        )),
+                        SpacetimeClientStage::ReducerResult,
+                    )
                 };
                 self.release_connection(lease).await;
+                if let Err(error) = &result {
+                    log_spacetime_client_failure(
+                        "reducer",
+                        procedure,
+                        failed_stage,
+                        started_at,
+                        error,
+                    );
+                }
                 result
             }
-            Err(error) => Err(error),
+            Err(error) => {
+                log_spacetime_client_failure(
+                    "reducer",
+                    procedure,
+                    error.stage,
+                    started_at,
+                    &error.error,
+                );
+                Err(error.error)
+            }
         };
 
         metrics_guard.finish(&final_result);
@@ -425,11 +558,22 @@ impl SpacetimeClient {
     where
         T: Send + 'static,
     {
+        let started_at = Instant::now();
         let metrics_guard = telemetry::begin_read(read_name);
-        let lease = match self.acquire_connection().await {
+        let lease = match self
+            .acquire_connection_with_timeout(self.config.procedure_timeout)
+            .await
+        {
             Ok(lease) => lease,
             Err(error) => {
-                let final_result = Err(error);
+                log_spacetime_client_failure(
+                    "read",
+                    read_name,
+                    error.stage,
+                    started_at,
+                    &error.error,
+                );
+                let final_result = Err(error.error);
                 metrics_guard.finish(&final_result);
                 return final_result;
             }
@@ -443,6 +587,15 @@ impl SpacetimeClient {
         };
         self.release_connection(lease).await;
 
+        if let Err(error) = &final_result {
+            log_spacetime_client_failure(
+                "read",
+                read_name,
+                SpacetimeClientStage::ReadCache,
+                started_at,
+                error,
+            );
+        }
         metrics_guard.finish(&final_result);
         final_result
     }
@@ -455,14 +608,75 @@ impl SpacetimeClient {
         self.creation_entry_config_cache.read().await.clone()
     }
 
-    async fn acquire_connection(&self) -> Result<PooledConnectionLease, SpacetimeClientError> {
-        let permit = timeout(
-            self.config.procedure_timeout,
-            self.pool.permits.clone().acquire_owned(),
-        )
-        .await
-        .map_err(|_| SpacetimeClientError::Timeout)?
-        .map_err(|error| SpacetimeClientError::Runtime(error.to_string()))?;
+    pub async fn health_check(&self, probe_timeout: Duration) -> SpacetimeClientHealthSnapshot {
+        let timeout = if probe_timeout.is_zero() {
+            DEFAULT_PROCEDURE_TIMEOUT
+        } else {
+            probe_timeout
+        };
+        let started_at = Instant::now();
+        let checked_at_micros = current_unix_micros();
+        let result = self.acquire_connection_with_timeout(timeout).await;
+        match result {
+            Ok(lease) => {
+                self.release_connection(lease).await;
+                let mut health_state = self.health_state.write().await;
+                health_state.last_success_at_micros = Some(checked_at_micros);
+                health_state.last_error = None;
+                SpacetimeClientHealthSnapshot {
+                    ok: true,
+                    stage: SpacetimeClientStage::Ready,
+                    checked_at_micros,
+                    elapsed_ms: duration_millis_u64(started_at.elapsed()),
+                    timeout_ms: duration_millis_u64(timeout),
+                    error: None,
+                    last_success_at_micros: health_state.last_success_at_micros,
+                    last_error: health_state.last_error.clone(),
+                }
+            }
+            Err(error) => {
+                log_spacetime_client_failure(
+                    "health_check",
+                    "spacetime_connection",
+                    error.stage,
+                    started_at,
+                    &error.error,
+                );
+                let mut health_state = self.health_state.write().await;
+                let error_message = error.error.to_string();
+                health_state.last_error = Some(error_message.clone());
+                SpacetimeClientHealthSnapshot {
+                    ok: false,
+                    stage: error.stage,
+                    checked_at_micros,
+                    elapsed_ms: duration_millis_u64(started_at.elapsed()),
+                    timeout_ms: duration_millis_u64(timeout),
+                    error: Some(error_message),
+                    last_success_at_micros: health_state.last_success_at_micros,
+                    last_error: health_state.last_error.clone(),
+                }
+            }
+        }
+    }
+
+    async fn acquire_connection_with_timeout(
+        &self,
+        operation_timeout: Duration,
+    ) -> Result<PooledConnectionLease, SpacetimeStageError> {
+        let permit = timeout(operation_timeout, self.pool.permits.clone().acquire_owned())
+            .await
+            .map_err(|_| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::PoolAcquire,
+                    SpacetimeClientError::Timeout,
+                )
+            })?
+            .map_err(|error| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::PoolAcquire,
+                    SpacetimeClientError::Runtime(error.to_string()),
+                )
+            })?;
 
         loop {
             for (slot_index, slot) in self.pool.slots.iter().enumerate() {
@@ -480,7 +694,7 @@ impl SpacetimeClient {
                     let connection = if let Some(connection) = reusable_connection {
                         connection
                     } else {
-                        match self.build_pooled_connection().await {
+                        match self.build_pooled_connection(operation_timeout).await {
                             Ok(connection) => connection,
                             Err(error) => {
                                 let mut slot_guard = self.pool.slots[slot_index].lock().await;
@@ -502,7 +716,10 @@ impl SpacetimeClient {
         }
     }
 
-    async fn build_pooled_connection(&self) -> Result<PooledConnection, SpacetimeClientError> {
+    async fn build_pooled_connection(
+        &self,
+        operation_timeout: Duration,
+    ) -> Result<PooledConnection, SpacetimeStageError> {
         let config = self.config.clone();
         let broken = Arc::new(AtomicBool::new(false));
         let (sender, receiver) = oneshot::channel::<Result<(), SpacetimeClientError>>();
@@ -510,7 +727,7 @@ impl SpacetimeClient {
         let broken_flag = broken.clone();
         let disconnect_sender = connect_sender.clone();
         let connection = timeout(
-            self.config.procedure_timeout,
+            operation_timeout,
             tokio::task::spawn_blocking(move || {
                 DbConnection::builder()
                     .with_uri(config.server_url)
@@ -534,17 +751,41 @@ impl SpacetimeClient {
             }),
         )
         .await
-        .map_err(|_| SpacetimeClientError::Timeout)?
-        .map_err(|error| SpacetimeClientError::Runtime(error.to_string()))??;
+        .map_err(|_| {
+            SpacetimeStageError::new(
+                SpacetimeClientStage::ConnectBuild,
+                SpacetimeClientError::Timeout,
+            )
+        })?
+        .map_err(|error| {
+            SpacetimeStageError::new(
+                SpacetimeClientStage::ConnectBuild,
+                SpacetimeClientError::Runtime(error.to_string()),
+            )
+        })?
+        .map_err(|error| SpacetimeStageError::new(SpacetimeClientStage::ConnectBuild, error))?;
 
         let runner = connection.run_threaded();
-        timeout(self.config.procedure_timeout, receiver)
+        timeout(operation_timeout, receiver)
             .await
-            .map_err(|_| SpacetimeClientError::Timeout)?
-            .map_err(|_| SpacetimeClientError::ConnectDropped)??;
+            .map_err(|_| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::ConnectHandshake,
+                    SpacetimeClientError::Timeout,
+                )
+            })?
+            .map_err(|_| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::ConnectHandshake,
+                    SpacetimeClientError::ConnectDropped,
+                )
+            })?
+            .map_err(|error| {
+                SpacetimeStageError::new(SpacetimeClientStage::ConnectHandshake, error)
+            })?;
 
         let read_model_subscriptions = self
-            .subscribe_cached_read_models(&connection, broken.clone())
+            .subscribe_cached_read_models(&connection, broken.clone(), operation_timeout)
             .await?;
 
         Ok(PooledConnection {
@@ -559,7 +800,8 @@ impl SpacetimeClient {
         &self,
         connection: &DbConnection,
         broken: Arc<AtomicBool>,
-    ) -> Result<Vec<SubscriptionHandle>, SpacetimeClientError> {
+        operation_timeout: Duration,
+    ) -> Result<Vec<SubscriptionHandle>, SpacetimeStageError> {
         let mut subscriptions = Vec::new();
         for query in [
             "SELECT * FROM public_work_gallery_entry",
@@ -576,7 +818,13 @@ impl SpacetimeClient {
             "SELECT * FROM big_fish_gallery_view",
         ] {
             let subscription = self
-                .subscribe_cached_read_model_query(connection, broken.clone(), query, true)
+                .subscribe_cached_read_model_query(
+                    connection,
+                    broken.clone(),
+                    query,
+                    true,
+                    operation_timeout,
+                )
                 .await?;
             subscriptions.push(subscription);
         }
@@ -597,7 +845,13 @@ impl SpacetimeClient {
             "SELECT * FROM asset_object",
         ] {
             if let Ok(subscription) = self
-                .subscribe_cached_read_model_query(connection, broken.clone(), query, false)
+                .subscribe_cached_read_model_query(
+                    connection,
+                    broken.clone(),
+                    query,
+                    false,
+                    operation_timeout,
+                )
                 .await
             {
                 subscriptions.push(subscription);
@@ -613,7 +867,8 @@ impl SpacetimeClient {
         broken: Arc<AtomicBool>,
         query: &'static str,
         mark_broken_on_error: bool,
-    ) -> Result<SubscriptionHandle, SpacetimeClientError> {
+        operation_timeout: Duration,
+    ) -> Result<SubscriptionHandle, SpacetimeStageError> {
         let (sender, receiver) = oneshot::channel::<Result<(), SpacetimeClientError>>();
         let applied_sender = Arc::new(Mutex::new(Some(sender)));
         let on_applied_sender = applied_sender.clone();
@@ -635,10 +890,23 @@ impl SpacetimeClient {
             })
             .subscribe(query);
 
-        timeout(self.config.procedure_timeout, receiver)
+        timeout(operation_timeout, receiver)
             .await
-            .map_err(|_| SpacetimeClientError::Timeout)?
-            .map_err(|_| SpacetimeClientError::ConnectDropped)??;
+            .map_err(|_| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::ReadModelSubscribe,
+                    SpacetimeClientError::Timeout,
+                )
+            })?
+            .map_err(|_| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::ReadModelSubscribe,
+                    SpacetimeClientError::ConnectDropped,
+                )
+            })?
+            .map_err(|error| {
+                SpacetimeStageError::new(SpacetimeClientStage::ReadModelSubscribe, error)
+            })?;
 
         Ok(subscription)
     }
@@ -658,7 +926,10 @@ impl SpacetimeClient {
     }
 
     // 超时后必须统一归还租约；若连接已先一步断开则回传断线，否则标记坏连接并回传超时。
-    fn resolve_timeout_error(connection: Option<&PooledConnection>) -> SpacetimeClientError {
+    fn resolve_timeout_error(
+        connection: Option<&PooledConnection>,
+        _stage: SpacetimeClientStage,
+    ) -> SpacetimeClientError {
         if let Some(connection) = connection {
             if connection.is_broken() {
                 return SpacetimeClientError::ConnectDropped;
@@ -681,6 +952,27 @@ fn current_public_work_day() -> i64 {
     current_unix_micros().div_euclid(PUBLIC_WORK_PLAY_DAY_MICROS)
 }
 
+fn duration_millis_u64(duration: Duration) -> u64 {
+    duration.as_millis().min(u64::MAX as u128) as u64
+}
+
+fn log_spacetime_client_failure(
+    operation_kind: &'static str,
+    operation_name: &'static str,
+    stage: SpacetimeClientStage,
+    started_at: Instant,
+    error: &SpacetimeClientError,
+) {
+    warn!(
+        operation_kind,
+        operation_name,
+        spacetime_stage = stage.as_str(),
+        elapsed_ms = duration_millis_u64(started_at.elapsed()),
+        error = %error,
+        "SpacetimeDB client operation failed"
+    );
+}
+
 fn public_work_recent_play_counts(
     connection: &DbConnection,
     source_type: &str,

From e29992cf0158686777d089da7c8da68607b4a6f4 Mon Sep 17 00:00:00 2001
From: kdletters <kdletters@qq.com>
Date: Wed, 10 Jun 2026 14:36:56 +0800
Subject: [PATCH 4/9] =?UTF-8?q?=E7=82=B9=E8=B5=9E=E5=92=8C=E6=94=B9?=
 =?UTF-8?q?=E9=80=A0=E5=BC=80=E5=85=B3=E5=8A=A0=E5=85=A5=E5=90=8E=E5=8F=B0?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .hermes/shared-memory/decision-log.md         |   8 +
 .hermes/shared-memory/pitfalls.md             |   2 +
 apps/admin-web/src/api/adminApiClient.ts      |  47 +-
 apps/admin-web/src/api/adminApiTypes.ts       |  23 +-
 .../AdminCreationEntrySwitchPage.test.tsx     | 117 +++-
 .../pages/AdminCreationEntrySwitchPage.tsx    | 602 ++++++++++++------
 ...�】server-rs与SpacetimeDB数据契约-2026-05-15.md |  14 +-
 ...发运维】本地开发验证与生产运维-2026-05-15.md |   2 +
 ...�玩法创作】平台入口与玩法链路-2026-05-15.md |   6 +-
 packages/shared/src/contracts/auth.ts         |   3 +-
 server-rs/crates/api-server/src/admin.rs      |  82 ++-
 server-rs/crates/api-server/src/app.rs        |  95 ++-
 .../api-server/src/creation_entry_config.rs   | 102 +++
 .../crates/api-server/src/modules/admin.rs    |   8 +-
 server-rs/crates/api-server/src/state.rs      |  85 +++
 .../crates/module-runtime/src/application.rs  | 223 ++++++-
 server-rs/crates/module-runtime/src/domain.rs |  23 +
 server-rs/crates/module-runtime/src/lib.rs    |  32 +
 .../crates/shared-contracts/src/admin.rs      |  14 +-
 .../src/creation_entry_config.rs              |  23 +
 .../spacetime-client/src/mapper/runtime.rs    |  15 +
 .../spacetime-client/src/module_bindings.rs   |   4 +
 .../creation_entry_config_snapshot_type.rs    |   1 +
 .../creation_entry_config_type.rs             |   7 +
 .../crates/spacetime-client/src/runtime.rs    |  28 +
 .../crates/spacetime-module/src/migration.rs  |   3 +
 .../src/runtime/creation_entry_config.rs      |  54 ++
 .../PlatformEntryFlowShellImpl.tsx            | 178 +++---
 .../platformPublicWorkDetailFlow.test.ts      |  50 +-
 .../platformPublicWorkDetailFlow.ts           |  69 +-
 src/services/apiClient.test.ts                |  67 +-
 src/services/apiClient.ts                     |  26 +-
 src/services/creationEntryConfigService.ts    |  11 +
 33 files changed, 1644 insertions(+), 380 deletions(-)

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index 11bd0e53..3c36b390 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -16,6 +16,14 @@
 
 ---
 
+## 2026-06-10 公开作品互动能力进入后台全局配置
+
+- 背景：作品详情页的点赞和改造能力原本由前端和各玩法 handler 的硬编码能力矩阵决定，后台无法临时关闭某类公开作品的互动入口，直接关闭创作入口又会误伤已有作品读取和游玩。
+- 决策：公开作品点赞 / 改造能力作为 `creation_entry_config.public_work_interactions_json` 的全局矩阵保存，不进入单个 `creation_entry_type_config`。`GET /api/creation-entry/config` 下发 `publicWorkInteractions`；后台通过 `/admin/api/creation-entry/config/interactions` 按 `sourceType` 保存点赞、改造开关和关闭提示；api-server 只对已经接入后端动作的 RPG / custom-world、大鱼吃小鱼和拼图 like / remix 路由做同源熔断，公开列表、详情读取、已发布作品启动和运行态请求不受影响。
+- 影响范围：`CreationEntryConfigResponse`、`AdminCreationEntryConfigResponse`、`module-runtime` 默认矩阵、`spacetime-module` 表字段和 procedure、`spacetime-client` 绑定、后台入口开关页、平台作品详情点赞 / 改造意图解析。
+- 验证方式：`npm run spacetime:generate`、`npm run check:spacetime-schema`、`cargo test -p module-runtime public_work_interaction_config_defaults_and_overrides --manifest-path server-rs/Cargo.toml`、`cargo test -p api-server public_work_interactions --manifest-path server-rs/Cargo.toml`、后台和前台作品详情互动相关前端测试。
+- 关联文档：`docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md`、`docs/【玩法创作】平台入口与玩法链路-2026-05-15.md`。
+
 ## 2026-06-10 dev Gitea 提供内网 HTTP 入口
 
 - 背景：release / dev 目标 agent 需要从 dev 自托管 Gitea 拉取仓库；继续走 `https://git.genarrative.world/...` 会绕公网链路，`10.2.0.10:3000` 又受云侧端口策略影响不能作为稳定入口。
diff --git a/.hermes/shared-memory/pitfalls.md b/.hermes/shared-memory/pitfalls.md
index 2f0d3fd5..cef625e0 100644
--- a/.hermes/shared-memory/pitfalls.md
+++ b/.hermes/shared-memory/pitfalls.md
@@ -1135,6 +1135,8 @@
 - 现象：刷新网页后，用户明明有本地 access token，却回到未登录状态。
 - 原因：`AuthGate` hydrate 曾先强制调用 `refreshStoredAccessToken()`；当 refresh cookie 临时失效、代理错配或后端返回 `401` 时，该方法会先清空本地 access token，随后 `/api/auth/me` 只能恢复成未登录。
 - 处理：`refreshStoredAccessToken()` 增加 `clearOnFailure` 选项；`AuthGate` 在已有本地 access token 时先用 `/api/auth/me` 确认用户，确认成功后再后台 refresh 续期与写每日登录埋点，后台 refresh 失败不清 token。
+- 追加处理：`/api/auth/refresh` 只有明确返回 `401` / `403` 时才代表登录态权威失效，可以清本地 access token 并触发全局 auth 变化；服务器重启、Nginx 502/503/504、浏览器 `Failed to fetch` 或 refresh 响应契约异常都属于暂时不可用，不能把已有本地 token 清掉，否则重启窗口会把所有打开页面踢成未登录。
+- 契约：`/api/auth/refresh` 成功响应按共享契约 `RefreshSessionResponse { token }` 解析；测试 mock 不要额外塞 `{ ok: true, token }` 遮住真实恢复路径。
 - 验证：`npm run test -- src/services/apiClient.test.ts src/components/auth/AuthGate.test.tsx -t "explicit refresh opts out|auth gate keeps a valid local token login"`。
 - 关联：`src/services/apiClient.ts`、`src/components/auth/AuthGate.tsx`、`docs/technical/AUTH_RESTORE_AND_RECOMMEND_LOADING_FIX_2026-05-09.md`。
 
diff --git a/apps/admin-web/src/api/adminApiClient.ts b/apps/admin-web/src/api/adminApiClient.ts
index ef176285..0a3a1792 100644
--- a/apps/admin-web/src/api/adminApiClient.ts
+++ b/apps/admin-web/src/api/adminApiClient.ts
@@ -20,6 +20,7 @@ import type {
   AdminUpsertProfileRechargeProductRequest,
   AdminUpsertProfileRedeemCodeRequest,
   AdminUpsertProfileTaskConfigRequest,
+  AdminUpsertPublicWorkInteractionConfigRequest,
   AdminWorkVisibilityListResponse,
   ApiErrorEnvelope,
   ApiMeta,
@@ -129,16 +130,16 @@ export async function request<T>(
 export function loginAdmin(username: string, password: string) {
   return request<AdminLoginResponse>('/admin/api/login', {
     method: 'POST',
-    body: {username, password},
+    body: { username, password },
   });
 }
 
 export function getAdminMe(token: string) {
-  return request<AdminMeResponse>('/admin/api/me', {token});
+  return request<AdminMeResponse>('/admin/api/me', { token });
 }
 
 export function getAdminOverview(token: string) {
-  return request<AdminOverviewResponse>('/admin/api/overview', {token});
+  return request<AdminOverviewResponse>('/admin/api/overview', { token });
 }
 
 export function getAdminDatabaseTables(token: string) {
@@ -154,7 +155,7 @@ export function getAdminDatabaseTableRows(
 ) {
   return request<AdminDatabaseTableRowsResponse>(
     `/admin/api/database/tables/${encodeURIComponent(tableName)}/rows${buildDatabaseTableRowsQuery(query)}`,
-    {token},
+    { token },
   );
 }
 
@@ -172,15 +173,14 @@ export function listAdminTrackingEvents(
 ) {
   return request<AdminTrackingEventListResponse>(
     `/admin/api/tracking/events${buildQueryString(query)}`,
-    {token},
+    { token },
   );
 }
 
-
 export function getAdminCreationEntryConfig(token: string) {
   return request<AdminCreationEntryConfigResponse>(
     '/admin/api/creation-entry/config',
-    {token},
+    { token },
   );
 }
 
@@ -213,10 +213,25 @@ export function upsertAdminCreationEntryBanners(
   );
 }
 
+/** 保存公开作品详情页点赞 / 改造能力配置。 */
+export function upsertAdminPublicWorkInteractions(
+  token: string,
+  payload: AdminUpsertPublicWorkInteractionConfigRequest,
+) {
+  return request<AdminCreationEntryConfigResponse>(
+    '/admin/api/creation-entry/config/interactions',
+    {
+      method: 'POST',
+      token,
+      body: payload,
+    },
+  );
+}
+
 export function listAdminWorkVisibility(token: string) {
   return request<AdminWorkVisibilityListResponse>(
     '/admin/api/works/visibility',
-    {token},
+    { token },
   );
 }
 
@@ -237,7 +252,7 @@ export function updateAdminWorkVisibility(
 export function listProfileRedeemCodes(token: string) {
   return request<ProfileRedeemCodeAdminListResponse>(
     '/admin/api/profile/redeem-codes',
-    {token},
+    { token },
   );
 }
 
@@ -258,7 +273,7 @@ export function upsertProfileRedeemCode(
 export function listProfileInviteCodes(token: string) {
   return request<ProfileInviteCodeAdminListResponse>(
     '/admin/api/profile/invite-codes',
-    {token},
+    { token },
   );
 }
 
@@ -293,7 +308,7 @@ export function disableProfileRedeemCode(
 export function listProfileTaskConfigs(token: string) {
   return request<ProfileTaskConfigAdminListResponse>(
     '/admin/api/profile/tasks',
-    {token},
+    { token },
   );
 }
 
@@ -325,7 +340,7 @@ export function disableProfileTaskConfig(
 export function listProfileRechargeProducts(token: string) {
   return request<ProfileRechargeProductConfigAdminListResponse>(
     '/admin/api/profile/recharge-products',
-    {token},
+    { token },
   );
 }
 
@@ -414,13 +429,13 @@ function buildAdminApiError(
 ) {
   const envelope = isRecord(payload) ? (payload as ApiErrorEnvelope) : null;
   const errorPayload = envelope?.error;
-  const details = isRecord(errorPayload?.details)
-    ? errorPayload.details
-    : null;
+  const details = isRecord(errorPayload?.details) ? errorPayload.details : null;
   const detailsMessage =
     typeof details?.message === 'string' ? details.message.trim() : '';
   const payloadMessage =
-    typeof errorPayload?.message === 'string' ? errorPayload.message.trim() : '';
+    typeof errorPayload?.message === 'string'
+      ? errorPayload.message.trim()
+      : '';
   const topLevelMessage =
     typeof envelope?.message === 'string' ? envelope.message.trim() : '';
   const message =
diff --git a/apps/admin-web/src/api/adminApiTypes.ts b/apps/admin-web/src/api/adminApiTypes.ts
index 2eb58477..d3cb8ebe 100644
--- a/apps/admin-web/src/api/adminApiTypes.ts
+++ b/apps/admin-web/src/api/adminApiTypes.ts
@@ -107,12 +107,7 @@ export interface AdminDebugHeaderInput {
   value: string;
 }
 
-export type AdminDebugHttpMethod =
-  | 'GET'
-  | 'POST'
-  | 'PUT'
-  | 'PATCH'
-  | 'DELETE';
+export type AdminDebugHttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
 
 export interface AdminDebugHttpRequest {
   method: AdminDebugHttpMethod;
@@ -143,11 +138,11 @@ export interface AdminTrackingEventListQuery {
   limit?: number;
 }
 
-
 /** 后台创作入口配置响应，同时包含模板入口和独立公告配置。 */
 export interface AdminCreationEntryConfigResponse {
   entries: AdminCreationEntryTypeConfigPayload[];
   eventBanners: AdminCreationEntryEventBannerPayload[];
+  publicWorkInteractions: PublicWorkInteractionConfigPayload[];
 }
 
 /** 后台创作入口公告位配置项；旧结构化 banner 字段仅保留兼容。 */
@@ -201,6 +196,20 @@ export interface AdminUpsertCreationEntryEventBannersRequest {
   eventBannersJson: string;
 }
 
+/** 后台公开作品详情页互动能力配置项。 */
+export interface PublicWorkInteractionConfigPayload {
+  sourceType: string;
+  likeEnabled: boolean;
+  remixEnabled: boolean;
+  likeDisabledMessage: string;
+  remixDisabledMessage: string;
+}
+
+/** 后台保存公开作品点赞 / 改造能力配置请求体。 */
+export interface AdminUpsertPublicWorkInteractionConfigRequest {
+  publicWorkInteractions: PublicWorkInteractionConfigPayload[];
+}
+
 /** 后台统一创作工作台契约表单的传输结构。 */
 export interface UnifiedCreationSpecPayload {
   playId: string;
diff --git a/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.test.tsx b/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.test.tsx
index 4400b5da..0022c263 100644
--- a/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.test.tsx
+++ b/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.test.tsx
@@ -1,19 +1,26 @@
 /* @vitest-environment jsdom */
 
-import {fireEvent, render, screen, waitFor, within} from '@testing-library/react';
+import {
+  fireEvent,
+  render,
+  screen,
+  waitFor,
+  within,
+} from '@testing-library/react';
 import userEvent from '@testing-library/user-event';
-import {beforeEach, expect, test, vi} from 'vitest';
+import { beforeEach, expect, test, vi } from 'vitest';
 
 import {
   getAdminCreationEntryConfig,
   upsertAdminCreationEntryBanners,
   upsertAdminCreationEntryConfig,
+  upsertAdminPublicWorkInteractions,
 } from '../api/adminApiClient';
 import type {
   AdminCreationEntryConfigResponse,
   UnifiedCreationSpecPayload,
 } from '../api/adminApiTypes';
-import {AdminCreationEntrySwitchPage} from './AdminCreationEntrySwitchPage';
+import { AdminCreationEntrySwitchPage } from './AdminCreationEntrySwitchPage';
 
 vi.mock('../api/adminApiClient', () => ({
   formatAdminApiError: vi.fn((error: unknown) =>
@@ -23,6 +30,7 @@ vi.mock('../api/adminApiClient', () => ({
   isAdminApiError: vi.fn(() => false),
   upsertAdminCreationEntryBanners: vi.fn(),
   upsertAdminCreationEntryConfig: vi.fn(),
+  upsertAdminPublicWorkInteractions: vi.fn(),
 }));
 
 const puzzleSpec: UnifiedCreationSpecPayload = {
@@ -55,6 +63,15 @@ const configResponse: AdminCreationEntryConfigResponse = {
       htmlCode: '<section>后台公告</section>',
     },
   ],
+  publicWorkInteractions: [
+    {
+      sourceType: 'puzzle',
+      likeEnabled: true,
+      remixEnabled: true,
+      likeDisabledMessage: '拼图点赞暂不可用。',
+      remixDisabledMessage: '拼图作品改造暂不可用。',
+    },
+  ],
   entries: [
     {
       id: 'puzzle',
@@ -79,16 +96,24 @@ beforeEach(() => {
   vi.mocked(getAdminCreationEntryConfig).mockResolvedValue(configResponse);
   vi.mocked(upsertAdminCreationEntryBanners).mockResolvedValue(configResponse);
   vi.mocked(upsertAdminCreationEntryConfig).mockResolvedValue(configResponse);
+  vi.mocked(upsertAdminPublicWorkInteractions).mockResolvedValue(
+    configResponse,
+  );
 });
 
 test('创作入口后台展示并保存统一创作契约', async () => {
   const user = userEvent.setup();
-  const {container} = render(
-    <AdminCreationEntrySwitchPage token="admin-token" onUnauthorized={vi.fn()} />,
+  const { container } = render(
+    <AdminCreationEntrySwitchPage
+      token="admin-token"
+      onUnauthorized={vi.fn()}
+    />,
   );
 
   await screen.findByText('pictureDescription');
-  expect(container.querySelector('.admin-subsection .admin-info-list')).not.toBeNull();
+  expect(
+    container.querySelector('.admin-subsection .admin-info-list'),
+  ).not.toBeNull();
   expect(
     container.querySelector('.admin-subsection .admin-info-list')?.textContent,
   ).toContain('拼图');
@@ -97,22 +122,22 @@ test('创作入口后台展示并保存统一创作契约', async () => {
   expect(screen.queryByLabelText('契约 JSON')).toBeNull();
   expect(screen.queryByText('puzzle-generating')).toBeNull();
 
-  await user.click(screen.getByRole('button', {name: '修改契约'}));
-  const dialog = screen.getByRole('dialog', {name: '统一创作契约'});
+  await user.click(screen.getByRole('button', { name: '修改契约' }));
+  const dialog = screen.getByRole('dialog', { name: '统一创作契约' });
   expect(within(dialog).queryByLabelText('玩法 ID')).toBeNull();
   expect(within(dialog).queryByLabelText('工作台阶段')).toBeNull();
   expect(within(dialog).queryByLabelText('生成阶段')).toBeNull();
   expect(within(dialog).queryByLabelText('结果阶段')).toBeNull();
   fireEvent.change(within(dialog).getByLabelText('泥点消耗'), {
-    target: {value: '12'},
+    target: { value: '12' },
   });
-  await user.click(within(dialog).getByRole('button', {name: '应用修改'}));
+  await user.click(within(dialog).getByRole('button', { name: '应用修改' }));
 
-  expect(screen.queryByRole('dialog', {name: '统一创作契约'})).toBeNull();
+  expect(screen.queryByRole('dialog', { name: '统一创作契约' })).toBeNull();
   expect(screen.getByText('12泥点数')).toBeTruthy();
 
-  await user.click(screen.getByRole('button', {name: '保存入库'}));
-  await user.click(screen.getByRole('button', {name: '确认'}));
+  await user.click(screen.getByRole('button', { name: '保存入库' }));
+  await user.click(screen.getByRole('button', { name: '确认' }));
 
   await waitFor(() => {
     expect(upsertAdminCreationEntryConfig).toHaveBeenCalledWith(
@@ -150,9 +175,11 @@ test('创作入口后台拒绝 playId 不一致的统一创作契约', async ()
   );
 
   await screen.findByText('pictureDescription');
-  await user.click(screen.getByRole('button', {name: '保存入库'}));
+  await user.click(screen.getByRole('button', { name: '保存入库' }));
 
-  expect(await screen.findByText('统一创作契约 playId 必须与入口 ID 一致')).toBeTruthy();
+  expect(
+    await screen.findByText('统一创作契约 playId 必须与入口 ID 一致'),
+  ).toBeTruthy();
   expect(upsertAdminCreationEntryConfig).not.toHaveBeenCalled();
 });
 
@@ -166,23 +193,25 @@ test('创作入口后台用表单保存公告配置', async () => {
     />,
   );
 
-  expect(await screen.findAllByRole('heading', {name: '创作入口公告'})).toHaveLength(2);
+  expect(
+    await screen.findAllByRole('heading', { name: '创作入口公告' }),
+  ).toHaveLength(2);
   expect(screen.queryByLabelText('公告代码 JSON')).toBeNull();
   fireEvent.change(await screen.findByLabelText('公告 1 标题'), {
-    target: {value: '周末创作赛'},
+    target: { value: '周末创作赛' },
   });
   fireEvent.change(screen.getByLabelText('公告 1 HTML'), {
-    target: {value: '<section>新的入口公告</section>'},
+    target: { value: '<section>新的入口公告</section>' },
   });
-  await user.click(screen.getByRole('button', {name: '新增公告'}));
+  await user.click(screen.getByRole('button', { name: '新增公告' }));
   fireEvent.change(screen.getByLabelText('公告 2 标题'), {
-    target: {value: '第二条公告'},
+    target: { value: '第二条公告' },
   });
   fireEvent.change(screen.getByLabelText('公告 2 HTML'), {
-    target: {value: '<section>轮播第二条</section>'},
+    target: { value: '<section>轮播第二条</section>' },
   });
-  await user.click(screen.getByRole('button', {name: '保存公告'}));
-  await user.click(screen.getByRole('button', {name: '确认'}));
+  await user.click(screen.getByRole('button', { name: '保存公告' }));
+  await user.click(screen.getByRole('button', { name: '确认' }));
 
   await waitFor(() => {
     expect(upsertAdminCreationEntryBanners).toHaveBeenCalled();
@@ -206,6 +235,42 @@ test('创作入口后台用表单保存公告配置', async () => {
   );
 });
 
+test('创作入口后台用表单保存作品互动配置', async () => {
+  const user = userEvent.setup();
+  render(
+    <AdminCreationEntrySwitchPage
+      token="admin-token"
+      onUnauthorized={vi.fn()}
+    />,
+  );
+
+  await screen.findByText('作品互动');
+  const likeToggle = screen.getAllByRole('checkbox')[0]!;
+  await user.click(likeToggle);
+  fireEvent.change(screen.getByLabelText('拼图 / puzzle 点赞关闭提示'), {
+    target: { value: '拼图点赞维护中。' },
+  });
+  await user.click(screen.getByRole('button', { name: '保存作品互动' }));
+  await user.click(screen.getByRole('button', { name: '确认' }));
+
+  await waitFor(() => {
+    expect(upsertAdminPublicWorkInteractions).toHaveBeenCalledWith(
+      'admin-token',
+      {
+        publicWorkInteractions: [
+          {
+            sourceType: 'puzzle',
+            likeEnabled: false,
+            remixEnabled: true,
+            likeDisabledMessage: '拼图点赞维护中。',
+            remixDisabledMessage: '拼图作品改造暂不可用。',
+          },
+        ],
+      },
+    );
+  });
+});
+
 test('创作入口后台把旧结构化公告回显成 HTML 表单', async () => {
   vi.mocked(getAdminCreationEntryConfig).mockResolvedValueOnce({
     ...configResponse,
@@ -251,12 +316,12 @@ test('创作入口后台拒绝空公告表单', async () => {
   );
 
   fireEvent.change(await screen.findByLabelText('公告 1 标题'), {
-    target: {value: ''},
+    target: { value: '' },
   });
   fireEvent.change(screen.getByLabelText('公告 1 HTML'), {
-    target: {value: ''},
+    target: { value: '' },
   });
-  await user.click(screen.getByRole('button', {name: '保存公告'}));
+  await user.click(screen.getByRole('button', { name: '保存公告' }));
 
   expect(await screen.findByText('公告 1 标题和 HTML 都不能为空')).toBeTruthy();
   expect(upsertAdminCreationEntryBanners).not.toHaveBeenCalled();
diff --git a/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.tsx b/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.tsx
index e00c848b..8a674650 100644
--- a/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.tsx
+++ b/apps/admin-web/src/pages/AdminCreationEntrySwitchPage.tsx
@@ -5,10 +5,12 @@ import {
   getAdminCreationEntryConfig,
   upsertAdminCreationEntryBanners,
   upsertAdminCreationEntryConfig,
+  upsertAdminPublicWorkInteractions,
 } from '../api/adminApiClient';
 import type {
   AdminCreationEntryEventBannerPayload,
   AdminCreationEntryTypeConfigPayload,
+  PublicWorkInteractionConfigPayload,
   UnifiedCreationFieldPayload,
   UnifiedCreationSpecPayload,
 } from '../api/adminApiTypes';
@@ -129,14 +131,28 @@ const DEFAULT_UNIFIED_CREATION_STAGE_MAP: Record<
 let announcementFormItemSequence = 0;
 let unifiedCreationSpecFieldSequence = 0;
 
+const PUBLIC_WORK_SOURCE_LABELS: Record<string, string> = {
+  'custom-world': 'RPG',
+  'big-fish': '摸鱼',
+  puzzle: '拼图',
+  'puzzle-clear': '拼消消',
+  'jump-hop': '跳一跳',
+  'wooden-fish': '敲木鱼',
+  match3d: '抓大鹅',
+  'square-hole': '方洞挑战',
+  'visual-novel': '视觉小说',
+  'bark-battle': '汪汪声浪',
+  edutainment: '宝贝识物',
+};
+
 export function AdminCreationEntrySwitchPage({
   token,
   onUnauthorized,
   mode = 'switches',
 }: AdminCreationEntrySwitchPageProps) {
-  const [entries, setEntries] = useState<
-    AdminCreationEntryTypeConfigPayload[]
-  >([]);
+  const [entries, setEntries] = useState<AdminCreationEntryTypeConfigPayload[]>(
+    [],
+  );
   const [selectedId, setSelectedId] = useState('puzzle');
   const [title, setTitle] = useState('');
   const [subtitle, setSubtitle] = useState('');
@@ -157,12 +173,17 @@ export function AdminCreationEntrySwitchPage({
   const [announcementItems, setAnnouncementItems] = useState<
     AnnouncementFormItem[]
   >([]);
+  const [publicWorkInteractions, setPublicWorkInteractions] = useState<
+    PublicWorkInteractionConfigPayload[]
+  >([]);
   const [isLoading, setIsLoading] = useState(false);
   const [isSaving, setIsSaving] = useState(false);
   const [isSavingBanners, setIsSavingBanners] = useState(false);
+  const [isSavingInteractions, setIsSavingInteractions] = useState(false);
   const [listErrorMessage, setListErrorMessage] = useState('');
   const [errorMessage, setErrorMessage] = useState('');
   const [bannerErrorMessage, setBannerErrorMessage] = useState('');
+  const [interactionErrorMessage, setInteractionErrorMessage] = useState('');
   const { confirmWrite, confirmDialog } = useAdminWriteConfirm();
   const isAnnouncementMode = mode === 'announcements';
 
@@ -179,6 +200,7 @@ export function AdminCreationEntrySwitchPage({
       const nextEntries = sortEntries(response.entries);
       setEntries(nextEntries);
       setAnnouncementItems(formatEventBannersFormItems(response.eventBanners));
+      setPublicWorkInteractions(response.publicWorkInteractions ?? []);
       fillForm(
         nextEntries.find((entry) => entry.id === selectedId) ??
           nextEntries[0] ??
@@ -234,6 +256,7 @@ export function AdminCreationEntrySwitchPage({
       const nextEntries = sortEntries(response.entries);
       setEntries(nextEntries);
       setAnnouncementItems(formatEventBannersFormItems(response.eventBanners));
+      setPublicWorkInteractions(response.publicWorkInteractions ?? []);
       fillForm(nextEntries.find((entry) => entry.id === targetId) ?? null);
     } catch (error: unknown) {
       handlePageError(error, onUnauthorized, setErrorMessage);
@@ -269,6 +292,7 @@ export function AdminCreationEntrySwitchPage({
       });
       setEntries(sortEntries(response.entries));
       setAnnouncementItems(formatEventBannersFormItems(response.eventBanners));
+      setPublicWorkInteractions(response.publicWorkInteractions ?? []);
     } catch (error: unknown) {
       handlePageError(error, onUnauthorized, setBannerErrorMessage);
     } finally {
@@ -276,6 +300,41 @@ export function AdminCreationEntrySwitchPage({
     }
   }
 
+  /** 保存公开作品详情页点赞 / 改造能力开关。 */
+  async function handleSavePublicWorkInteractions() {
+    if (isSavingInteractions) {
+      return;
+    }
+
+    setInteractionErrorMessage('');
+    const confirmed = await confirmWrite({
+      action: '保存作品互动配置',
+      target: 'public-work-interactions',
+    });
+    if (!confirmed) {
+      return;
+    }
+
+    setIsSavingInteractions(true);
+    try {
+      const response = await upsertAdminPublicWorkInteractions(token, {
+        publicWorkInteractions: publicWorkInteractions.map((item) => ({
+          ...item,
+          sourceType: item.sourceType.trim(),
+          likeDisabledMessage: item.likeDisabledMessage.trim(),
+          remixDisabledMessage: item.remixDisabledMessage.trim(),
+        })),
+      });
+      setEntries(sortEntries(response.entries));
+      setAnnouncementItems(formatEventBannersFormItems(response.eventBanners));
+      setPublicWorkInteractions(response.publicWorkInteractions ?? []);
+    } catch (error: unknown) {
+      handlePageError(error, onUnauthorized, setInteractionErrorMessage);
+    } finally {
+      setIsSavingInteractions(false);
+    }
+  }
+
   function fillForm(entry: AdminCreationEntryTypeConfigPayload | null) {
     if (!entry) {
       return;
@@ -361,7 +420,10 @@ export function AdminCreationEntrySwitchPage({
       currentForm
         ? {
             ...currentForm,
-            fields: [...currentForm.fields, createUnifiedCreationSpecFieldFormItem()],
+            fields: [
+              ...currentForm.fields,
+              createUnifiedCreationSpecFieldFormItem(),
+            ],
           }
         : currentForm,
     );
@@ -377,7 +439,10 @@ export function AdminCreationEntrySwitchPage({
       );
       return {
         ...currentForm,
-        fields: fields.length > 0 ? fields : [createUnifiedCreationSpecFieldFormItem()],
+        fields:
+          fields.length > 0
+            ? fields
+            : [createUnifiedCreationSpecFieldFormItem()],
       };
     });
   }
@@ -414,6 +479,26 @@ export function AdminCreationEntrySwitchPage({
     });
   }
 
+  /** 更新单条公开作品互动配置。 */
+  function updatePublicWorkInteraction(
+    index: number,
+    patch: Partial<
+      Pick<
+        PublicWorkInteractionConfigPayload,
+        | 'likeEnabled'
+        | 'remixEnabled'
+        | 'likeDisabledMessage'
+        | 'remixDisabledMessage'
+      >
+    >,
+  ) {
+    setPublicWorkInteractions((currentItems) =>
+      currentItems.map((item, itemIndex) =>
+        itemIndex === index ? { ...item, ...patch } : item,
+      ),
+    );
+  }
+
   return (
     <section className="admin-page">
       <div className="admin-page-heading">
@@ -515,191 +600,288 @@ export function AdminCreationEntrySwitchPage({
       ) : null}
 
       {!isAnnouncementMode ? (
-        <div className="admin-two-column admin-two-column-wide">
-          <form className="admin-panel admin-form" onSubmit={handleSave}>
-            <div className="admin-form-row">
-              <label className="admin-field admin-field-fill">
-                <span>入口 ID</span>
-                <input
-                  value={selectedId}
-                  onChange={(event) => setSelectedId(event.target.value)}
-                />
-              </label>
-              <label className="admin-switch-field">
-                <input
-                  checked={visible}
-                  type="checkbox"
-                  onChange={(event) => setVisible(event.target.checked)}
-                />
-                <span>展示</span>
-              </label>
-              <label className="admin-switch-field">
-                <input
-                  checked={open}
-                  type="checkbox"
-                  onChange={(event) => setOpen(event.target.checked)}
-                />
-                <span>开放</span>
-              </label>
+        <>
+          <section className="admin-panel admin-form">
+            <div className="admin-subsection-heading">
+              <h3>作品互动</h3>
+              <span>{`${publicWorkInteractions.length} 类`}</span>
             </div>
-
-            <div className="admin-form-row">
-              <label className="admin-field">
-                <span>标题</span>
-                <input
-                  value={title}
-                  onChange={(event) => setTitle(event.target.value)}
-                />
-              </label>
-              <label className="admin-field">
-                <span>角标</span>
-                <input
-                  value={badge}
-                  onChange={(event) => setBadge(event.target.value)}
-                />
-              </label>
-            </div>
-
-            <label className="admin-field">
-              <span>副标题</span>
-              <input
-                value={subtitle}
-                onChange={(event) => setSubtitle(event.target.value)}
-              />
-            </label>
-
-            <label className="admin-field">
-              <span>图片路径</span>
-              <input
-                value={imageSrc}
-                onChange={(event) => setImageSrc(event.target.value)}
-              />
-            </label>
-
-            <label className="admin-field">
-              <span>排序</span>
-              <input
-                inputMode="numeric"
-                value={sortOrder}
-                onChange={(event) => setSortOrder(event.target.value)}
-              />
-            </label>
-
-            <div className="admin-form-row">
-              <label className="admin-field">
-                <span>分类 ID</span>
-                <input
-                  value={categoryId}
-                  onChange={(event) => setCategoryId(event.target.value)}
-                />
-              </label>
-              <label className="admin-field">
-                <span>分类名称</span>
-                <input
-                  value={categoryLabel}
-                  onChange={(event) => setCategoryLabel(event.target.value)}
-                />
-              </label>
-            </div>
-
-            <label className="admin-field">
-              <span>分类排序</span>
-              <input
-                inputMode="numeric"
-                value={categorySortOrder}
-                onChange={(event) => setCategorySortOrder(event.target.value)}
-              />
-            </label>
-
-            <section className="admin-subsection">
-              <div className="admin-subsection-heading">
-                <span>统一创作契约</span>
-                <span>
-                  {unifiedCreationSpec ? '已配置' : '未配置'}
-                </span>
-              </div>
-              <div className="admin-form-actions">
-                <button
-                  className="admin-secondary-button"
-                  type="button"
-                  onClick={openUnifiedCreationSpecForm}
-                >
-                  <Pencil size={17} aria-hidden="true" />
-                  <span>{unifiedCreationSpec ? '修改契约' : '新增契约'}</span>
-                </button>
-                {unifiedCreationSpec ? (
-                  <button
-                    className="admin-secondary-button"
-                    type="button"
-                    onClick={() => setUnifiedCreationSpec(null)}
-                  >
-                    <Trash2 size={17} aria-hidden="true" />
-                    <span>清空契约</span>
-                  </button>
-                ) : null}
-              </div>
-              {unifiedCreationSpec ? (
-                <UnifiedCreationSpecCard spec={unifiedCreationSpec} />
-              ) : (
-                <div className="admin-muted-text">未配置统一创作页契约</div>
-              )}
-            </section>
-
-            {errorMessage ? (
-              <div className="admin-alert" role="status">
-                {errorMessage}
-              </div>
-            ) : null}
-
-            <div className="admin-form-actions">
-              <button
-                className="admin-primary-button"
-                disabled={isSaving}
-                type="submit"
-              >
-                <Save size={17} aria-hidden="true" />
-                <span>{isSaving ? '保存中' : '保存入库'}</span>
-              </button>
-            </div>
-          </form>
-
-          <section className="admin-panel">
             <div className="admin-table-wrap">
               <table className="admin-table admin-table-compact">
                 <thead>
                   <tr>
-                    <th>入口</th>
-                    <th>展示</th>
-                    <th>开放</th>
-                    <th>统一契约</th>
-                    <th>分类</th>
-                    <th>排序</th>
+                    <th>作品类型</th>
+                    <th>点赞</th>
+                    <th>点赞关闭提示</th>
+                    <th>改造</th>
+                    <th>改造关闭提示</th>
                   </tr>
                 </thead>
                 <tbody>
-                  {entries.map((entry) => (
-                    <tr key={entry.id}>
+                  {publicWorkInteractions.map((item, index) => (
+                    <tr key={item.sourceType}>
+                      <td>{formatPublicWorkSourceLabel(item.sourceType)}</td>
                       <td>
-                        <button
-                          className="admin-link-button"
-                          type="button"
-                          onClick={() => fillForm(entry)}
-                        >
-                          {entry.title || entry.id}
-                        </button>
+                        <label className="admin-switch-field">
+                          <input
+                            checked={item.likeEnabled}
+                            type="checkbox"
+                            onChange={(event) =>
+                              updatePublicWorkInteraction(index, {
+                                likeEnabled: event.target.checked,
+                              })
+                            }
+                          />
+                          <span>{item.likeEnabled ? '开' : '关'}</span>
+                        </label>
+                      </td>
+                      <td>
+                        <input
+                          aria-label={`${formatPublicWorkSourceLabel(
+                            item.sourceType,
+                          )} 点赞关闭提示`}
+                          value={item.likeDisabledMessage}
+                          onChange={(event) =>
+                            updatePublicWorkInteraction(index, {
+                              likeDisabledMessage: event.target.value,
+                            })
+                          }
+                        />
+                      </td>
+                      <td>
+                        <label className="admin-switch-field">
+                          <input
+                            checked={item.remixEnabled}
+                            type="checkbox"
+                            onChange={(event) =>
+                              updatePublicWorkInteraction(index, {
+                                remixEnabled: event.target.checked,
+                              })
+                            }
+                          />
+                          <span>{item.remixEnabled ? '开' : '关'}</span>
+                        </label>
+                      </td>
+                      <td>
+                        <input
+                          aria-label={`${formatPublicWorkSourceLabel(
+                            item.sourceType,
+                          )} 改造关闭提示`}
+                          value={item.remixDisabledMessage}
+                          onChange={(event) =>
+                            updatePublicWorkInteraction(index, {
+                              remixDisabledMessage: event.target.value,
+                            })
+                          }
+                        />
                       </td>
-                      <td>{entry.visible ? '是' : '否'}</td>
-                      <td>{entry.open ? '是' : '否'}</td>
-                      <td>{entry.unifiedCreationSpec ? '是' : '否'}</td>
-                      <td>{entry.categoryLabel || entry.categoryId}</td>
-                      <td>{entry.sortOrder}</td>
                     </tr>
                   ))}
                 </tbody>
               </table>
             </div>
+            {interactionErrorMessage ? (
+              <div className="admin-alert" role="status">
+                {interactionErrorMessage}
+              </div>
+            ) : null}
+            <div className="admin-form-actions">
+              <button
+                className="admin-secondary-button"
+                disabled={isSavingInteractions}
+                type="button"
+                onClick={handleSavePublicWorkInteractions}
+              >
+                <Save size={17} aria-hidden="true" />
+                <span>{isSavingInteractions ? '保存中' : '保存作品互动'}</span>
+              </button>
+            </div>
           </section>
-        </div>
+
+          <div className="admin-two-column admin-two-column-wide">
+            <form className="admin-panel admin-form" onSubmit={handleSave}>
+              <div className="admin-form-row">
+                <label className="admin-field admin-field-fill">
+                  <span>入口 ID</span>
+                  <input
+                    value={selectedId}
+                    onChange={(event) => setSelectedId(event.target.value)}
+                  />
+                </label>
+                <label className="admin-switch-field">
+                  <input
+                    checked={visible}
+                    type="checkbox"
+                    onChange={(event) => setVisible(event.target.checked)}
+                  />
+                  <span>展示</span>
+                </label>
+                <label className="admin-switch-field">
+                  <input
+                    checked={open}
+                    type="checkbox"
+                    onChange={(event) => setOpen(event.target.checked)}
+                  />
+                  <span>开放</span>
+                </label>
+              </div>
+
+              <div className="admin-form-row">
+                <label className="admin-field">
+                  <span>标题</span>
+                  <input
+                    value={title}
+                    onChange={(event) => setTitle(event.target.value)}
+                  />
+                </label>
+                <label className="admin-field">
+                  <span>角标</span>
+                  <input
+                    value={badge}
+                    onChange={(event) => setBadge(event.target.value)}
+                  />
+                </label>
+              </div>
+
+              <label className="admin-field">
+                <span>副标题</span>
+                <input
+                  value={subtitle}
+                  onChange={(event) => setSubtitle(event.target.value)}
+                />
+              </label>
+
+              <label className="admin-field">
+                <span>图片路径</span>
+                <input
+                  value={imageSrc}
+                  onChange={(event) => setImageSrc(event.target.value)}
+                />
+              </label>
+
+              <label className="admin-field">
+                <span>排序</span>
+                <input
+                  inputMode="numeric"
+                  value={sortOrder}
+                  onChange={(event) => setSortOrder(event.target.value)}
+                />
+              </label>
+
+              <div className="admin-form-row">
+                <label className="admin-field">
+                  <span>分类 ID</span>
+                  <input
+                    value={categoryId}
+                    onChange={(event) => setCategoryId(event.target.value)}
+                  />
+                </label>
+                <label className="admin-field">
+                  <span>分类名称</span>
+                  <input
+                    value={categoryLabel}
+                    onChange={(event) => setCategoryLabel(event.target.value)}
+                  />
+                </label>
+              </div>
+
+              <label className="admin-field">
+                <span>分类排序</span>
+                <input
+                  inputMode="numeric"
+                  value={categorySortOrder}
+                  onChange={(event) => setCategorySortOrder(event.target.value)}
+                />
+              </label>
+
+              <section className="admin-subsection">
+                <div className="admin-subsection-heading">
+                  <span>统一创作契约</span>
+                  <span>{unifiedCreationSpec ? '已配置' : '未配置'}</span>
+                </div>
+                <div className="admin-form-actions">
+                  <button
+                    className="admin-secondary-button"
+                    type="button"
+                    onClick={openUnifiedCreationSpecForm}
+                  >
+                    <Pencil size={17} aria-hidden="true" />
+                    <span>{unifiedCreationSpec ? '修改契约' : '新增契约'}</span>
+                  </button>
+                  {unifiedCreationSpec ? (
+                    <button
+                      className="admin-secondary-button"
+                      type="button"
+                      onClick={() => setUnifiedCreationSpec(null)}
+                    >
+                      <Trash2 size={17} aria-hidden="true" />
+                      <span>清空契约</span>
+                    </button>
+                  ) : null}
+                </div>
+                {unifiedCreationSpec ? (
+                  <UnifiedCreationSpecCard spec={unifiedCreationSpec} />
+                ) : (
+                  <div className="admin-muted-text">未配置统一创作页契约</div>
+                )}
+              </section>
+
+              {errorMessage ? (
+                <div className="admin-alert" role="status">
+                  {errorMessage}
+                </div>
+              ) : null}
+
+              <div className="admin-form-actions">
+                <button
+                  className="admin-primary-button"
+                  disabled={isSaving}
+                  type="submit"
+                >
+                  <Save size={17} aria-hidden="true" />
+                  <span>{isSaving ? '保存中' : '保存入库'}</span>
+                </button>
+              </div>
+            </form>
+
+            <section className="admin-panel">
+              <div className="admin-table-wrap">
+                <table className="admin-table admin-table-compact">
+                  <thead>
+                    <tr>
+                      <th>入口</th>
+                      <th>展示</th>
+                      <th>开放</th>
+                      <th>统一契约</th>
+                      <th>分类</th>
+                      <th>排序</th>
+                    </tr>
+                  </thead>
+                  <tbody>
+                    {entries.map((entry) => (
+                      <tr key={entry.id}>
+                        <td>
+                          <button
+                            className="admin-link-button"
+                            type="button"
+                            onClick={() => fillForm(entry)}
+                          >
+                            {entry.title || entry.id}
+                          </button>
+                        </td>
+                        <td>{entry.visible ? '是' : '否'}</td>
+                        <td>{entry.open ? '是' : '否'}</td>
+                        <td>{entry.unifiedCreationSpec ? '是' : '否'}</td>
+                        <td>{entry.categoryLabel || entry.categoryId}</td>
+                        <td>{entry.sortOrder}</td>
+                      </tr>
+                    ))}
+                  </tbody>
+                </table>
+              </div>
+            </section>
+          </div>
+        </>
       ) : null}
 
       {confirmDialog}
@@ -776,7 +958,10 @@ export function AdminCreationEntrySwitchPage({
               </div>
               <div className="admin-contract-field-editor-list">
                 {unifiedCreationSpecForm.fields.map((field, index) => (
-                  <section className="admin-contract-field-editor" key={field.id}>
+                  <section
+                    className="admin-contract-field-editor"
+                    key={field.id}
+                  >
                     <div className="admin-subsection-heading">
                       <span>{`字段 ${index + 1}`}</span>
                       <button
@@ -881,6 +1066,11 @@ function sortEntries(entries: AdminCreationEntryTypeConfigPayload[]) {
   });
 }
 
+function formatPublicWorkSourceLabel(sourceType: string) {
+  const label = PUBLIC_WORK_SOURCE_LABELS[sourceType];
+  return label ? `${label} / ${sourceType}` : sourceType;
+}
+
 function parseInteger(value: string) {
   const parsed = Number.parseInt(value, 10);
   if (!Number.isFinite(parsed)) {
@@ -933,7 +1123,7 @@ function buildEventBannersJsonFromForm(
     htmlCode: item.htmlCode.trim(),
   }));
   if (banners.length === 0) {
-    return {ok: false as const, message: '至少需要一条公告'};
+    return { ok: false as const, message: '至少需要一条公告' };
   }
   const emptyIndex = banners.findIndex(
     (banner) => !banner.title || !banner.htmlCode,
@@ -945,7 +1135,7 @@ function buildEventBannersJsonFromForm(
     };
   }
 
-  return {ok: true as const, json: JSON.stringify(banners, null, 2)};
+  return { ok: true as const, json: JSON.stringify(banners, null, 2) };
 }
 
 /** 将旧结构化公告字段转成可编辑 HTML，避免后台表单丢失历史公告内容。 */
@@ -995,9 +1185,9 @@ function buildUnifiedCreationSpecForm(
     title: spec?.title ?? entryTitle,
     mudPointCost: String(normalizeMudPointCost(spec?.mudPointCost)),
     ...stages,
-    fields:
-      spec?.fields.map((field) => createUnifiedCreationSpecFieldFormItem(field)) ??
-      [createUnifiedCreationSpecFieldFormItem()],
+    fields: spec?.fields.map((field) =>
+      createUnifiedCreationSpecFieldFormItem(field),
+    ) ?? [createUnifiedCreationSpecFieldFormItem()],
   };
 }
 
@@ -1044,10 +1234,13 @@ function validateUnifiedCreationSpecForEntry(
   spec: UnifiedCreationSpecPayload | null,
 ) {
   if (!spec) {
-    return {ok: true as const, spec: null};
+    return { ok: true as const, spec: null };
   }
   if (spec.playId !== entryId) {
-    return {ok: false as const, message: '统一创作契约 playId 必须与入口 ID 一致'};
+    return {
+      ok: false as const,
+      message: '统一创作契约 playId 必须与入口 ID 一致',
+    };
   }
   return validateUnifiedCreationSpec(spec);
 }
@@ -1064,12 +1257,12 @@ function formatMudPointCostText(value: number | null | undefined) {
 
 function validateUnifiedCreationSpec(value: unknown) {
   if (!isRecord(value)) {
-    return {ok: false as const, message: '统一创作契约必须是对象'};
+    return { ok: false as const, message: '统一创作契约必须是对象' };
   }
 
   const playId = readRequiredString(value, 'playId');
   if (!playId) {
-    return {ok: false as const, message: '统一创作契约 playId 不能为空'};
+    return { ok: false as const, message: '统一创作契约 playId 不能为空' };
   }
 
   const title = readRequiredString(value, 'title');
@@ -1078,42 +1271,57 @@ function validateUnifiedCreationSpec(value: unknown) {
   const generationStage = readRequiredString(value, 'generationStage');
   const resultStage = readRequiredString(value, 'resultStage');
   if (!title) {
-    return {ok: false as const, message: '统一创作契约标题不能为空'};
+    return { ok: false as const, message: '统一创作契约标题不能为空' };
   }
   if (!workspaceStage || !generationStage || !resultStage) {
-    return {ok: false as const, message: '该玩法缺少默认阶段配置，请先由开发接入'};
+    return {
+      ok: false as const,
+      message: '该玩法缺少默认阶段配置，请先由开发接入',
+    };
   }
   if (mudPointCost === null) {
-    return {ok: false as const, message: '统一创作契约泥点消耗数量必须是大于 0 的整数'};
+    return {
+      ok: false as const,
+      message: '统一创作契约泥点消耗数量必须是大于 0 的整数',
+    };
   }
   if (new Set([workspaceStage, generationStage, resultStage]).size !== 3) {
-    return {ok: false as const, message: '统一创作契约阶段不能重复'};
+    return { ok: false as const, message: '统一创作契约阶段不能重复' };
   }
 
   if (!Array.isArray(value.fields) || value.fields.length === 0) {
-    return {ok: false as const, message: '统一创作契约 fields 不能为空'};
+    return { ok: false as const, message: '统一创作契约 fields 不能为空' };
   }
 
   const fieldIds = new Set<string>();
   const fields: UnifiedCreationFieldPayload[] = [];
   for (const item of value.fields) {
     if (!isRecord(item)) {
-      return {ok: false as const, message: '统一创作契约字段必须是对象'};
+      return { ok: false as const, message: '统一创作契约字段必须是对象' };
     }
     const id = readRequiredString(item, 'id');
     const label = readRequiredString(item, 'label');
     if (!id || !label) {
-      return {ok: false as const, message: '统一创作契约字段 id 和 label 不能为空'};
+      return {
+        ok: false as const,
+        message: '统一创作契约字段 id 和 label 不能为空',
+      };
     }
     if (fieldIds.has(id)) {
-      return {ok: false as const, message: `统一创作契约字段 id 重复：${id}`};
+      return { ok: false as const, message: `统一创作契约字段 id 重复：${id}` };
     }
     fieldIds.add(id);
     if (!isUnifiedCreationFieldKind(item.kind)) {
-      return {ok: false as const, message: `统一创作契约字段 kind 非法：${id}`};
+      return {
+        ok: false as const,
+        message: `统一创作契约字段 kind 非法：${id}`,
+      };
     }
     if (typeof item.required !== 'boolean') {
-      return {ok: false as const, message: `统一创作契约字段 required 非法：${id}`};
+      return {
+        ok: false as const,
+        message: `统一创作契约字段 required 非法：${id}`,
+      };
     }
     fields.push({
       id,
@@ -1137,7 +1345,11 @@ function validateUnifiedCreationSpec(value: unknown) {
   };
 }
 
-function UnifiedCreationSpecCard({spec}: {spec: UnifiedCreationSpecPayload}) {
+function UnifiedCreationSpecCard({
+  spec,
+}: {
+  spec: UnifiedCreationSpecPayload;
+}) {
   return (
     <div className="admin-contract-card">
       <dl className="admin-info-list">
diff --git a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
index aaf9ff20..816b4a32 100644
--- a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
+++ b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
@@ -1,6 +1,6 @@
 # server-rs 与 SpacetimeDB 数据契约
 
-更新时间：`2026-05-15`
+更新时间：`2026-06-10`
 
 ## 后端主线
 
@@ -54,13 +54,13 @@ npm run check:server-rs-ddd
 路由树由 `server-rs/crates/api-server/src/app.rs` 统一构造。当前主要分组：
 
 - 健康检查：`GET /healthz`。
-- 后台管理：`/admin/api/*`，包括登录、概览、HTTP debug、埋点、表查询、创作入口开关、作品可见性、兑换码、邀请码、任务配置和充值商品配置。
+- 后台管理：`/admin/api/*`，包括登录、概览、HTTP debug、埋点、表查询、创作入口开关、作品互动配置、作品可见性、兑换码、邀请码、任务配置和充值商品配置。
 - 认证与账号：`/api/auth/*`、`/api/profile/me`，包括短信、密码、微信、refresh session、多端会话和登出。
 - 个人中心：`/api/profile/*`，包括钱包流水、任务、领奖、充值、反馈、邀请和兑换等账号侧能力。
 - 平台基础能力：`/api/llm/*`、`/api/speech/volcengine/*`，只保留通用 LLM 和语音代理。
 - 资产基础能力：`/api/assets/direct-upload-tickets`、`/api/assets/sts-upload-credentials`、`/api/assets/objects/*`、`/api/assets/read-*`，负责直传、确认、绑定和读取。
 - 创作 / 游玩支撑能力：`/api/creation-entry/config`、`/api/ai/tasks*`、`/api/runtime/chat/*`、`/api/runtime/settings`、`/api/runtime/save/snapshot`、`/api/profile/browse-history`、`/api/profile/save-archives*`、`/api/profile/play-stats`、`/api/assets/history`、`/api/assets/character-visual/*`、`/api/assets/character-animation/*`、`/api/assets/character-workflow-cache*`、`/api/assets/hyper3d/*`、`/api/runtime/custom-world/asset-studio/*`。
-- 后台入口配置：`/admin/api/creation-entry/config` 和 `/admin/api/creation-entry/config/banners`。
+- 后台入口配置：`/admin/api/creation-entry/config`、`/admin/api/creation-entry/config/banners` 和 `/admin/api/creation-entry/config/interactions`。
 - 自定义世界 / RPG：`/api/runtime/custom-world*`、`/api/story/*`、`/api/runtime/chat/*`。
 - 拼图：`/api/runtime/puzzle/*`。
 - 抓大鹅 Match3D：`/api/creation/match3d/*`、`/api/runtime/match3d/*`。
@@ -356,8 +356,8 @@ npm run check:server-rs-ddd
 
 - Rust 结构体：`CreationEntryConfig`
 - 源码：`server-rs/crates/spacetime-module/src/runtime/creation_entry_config.rs`
-- 字段：`config_id`、`start_title`、`start_description`、`start_idle_badge`、`start_busy_badge`、`modal_title`、`modal_description`、`updated_at`、`event_title`、`event_description`、`event_cover_image_src`、`event_prize_pool_mud_points`、`event_starts_at_text`、`event_ends_at_text`、`event_banners_json`。
-- 迁移兼容：旧迁移包缺少活动横幅字段时，由 `migration.rs` 写入 `None` / `58000` 默认值；旧库缺少 `event_banners_json` 时写入 `None`，运行态读取层再按 `module-runtime` 默认公告数组归一，不覆盖后台已保存配置，也不把旧结构化 `eventBanner` 升格为前端优先数组。HTTP 响应同时返回 `eventBanners` 数组和旧 `eventBanner` 单条兼容字段，前端优先消费数组；后台新配置主格式为 HTML 公告字符串数组或 `{title, htmlCode}` 对象数组，旧结构化 banner 字段仅保留兼容。默认公告背景和旧结构化默认 `coverImageSrc` 必须引用 `public/` 下真实存在的静态资源，当前为 `/creation-type-references/puzzle.webp`。
+- 字段：`config_id`、`start_title`、`start_description`、`start_idle_badge`、`start_busy_badge`、`modal_title`、`modal_description`、`updated_at`、`event_title`、`event_description`、`event_cover_image_src`、`event_prize_pool_mud_points`、`event_starts_at_text`、`event_ends_at_text`、`event_banners_json`、`public_work_interactions_json`。
+- 迁移兼容：旧迁移包缺少活动横幅字段时，由 `migration.rs` 写入 `None` / `58000` 默认值；旧库缺少 `event_banners_json` 时写入 `None`，运行态读取层再按 `module-runtime` 默认公告数组归一，不覆盖后台已保存配置，也不把旧结构化 `eventBanner` 升格为前端优先数组。旧库缺少 `public_work_interactions_json` 时写入 `None`，读取层按 `module-runtime` 默认作品互动矩阵补齐 `publicWorkInteractions`，不覆盖后台已保存开关。HTTP 响应同时返回 `eventBanners` 数组、旧 `eventBanner` 单条兼容字段和 `publicWorkInteractions` 互动矩阵；前端优先消费数组与矩阵。后台新公告配置主格式为 HTML 公告字符串数组或 `{title, htmlCode}` 对象数组，旧结构化 banner 字段仅保留兼容。默认公告背景和旧结构化默认 `coverImageSrc` 必须引用 `public/` 下真实存在的静态资源，当前为 `/creation-type-references/puzzle.webp`。
 
 ### `creation_entry_type_config`
 
@@ -749,8 +749,8 @@ npm run check:server-rs-ddd
 
 跨玩法公开作品列表 / 详情主读模型是 `public_work_gallery_entry` 与 `public_work_detail_entry`。拼图、自定义世界等旧玩法公开列表 HTTP 路由保留原响应 shape，由 BFF mapper 从统一 public cache 映射回当前 DTO；旧 `*_gallery_card_view` / `*_gallery_view` / `custom_world_gallery_entry` 继续作为 source view 和兼容缓存。各玩法的个人作品列表、详情、发布、点赞、游玩记录、Remix 和其它需要鉴权或写入副作用的路径继续走 procedure / reducer；不要为了公开列表性能把这些 owner-specific 或 mutation 语义混进 public view。
 
-`GET /api/creation-entry/config` 和入口熔断优先从订阅 cache 读取创作入口配置；cache 缺失时使用最近一次成功读取的内存快照，再兜底调用 `get_creation_entry_config` procedure 完成空库种子或旧库兼容。
-入口配置快照包含 start card、类型弹窗、公告位兼容字段和入口类型列表；入口类型列表新增 `category_id`、`category_label`、`category_sort_order` 后，后台 upsert、`shared-contracts`、`module-runtime` 和 `spacetime-client` binding 必须同步，旧迁移 JSON 通过 `migration.rs` 默认值兼容。
+`GET /api/creation-entry/config`、入口熔断和公开作品互动熔断优先从订阅 cache 读取创作入口配置；cache 缺失时使用最近一次成功读取的内存快照，再兜底调用 `get_creation_entry_config` procedure 完成空库种子或旧库兼容。
+入口配置快照包含 start card、类型弹窗、公告位兼容字段、入口类型列表和 `publicWorkInteractions` 作品互动矩阵；入口类型列表新增 `category_id`、`category_label`、`category_sort_order` 后，后台 upsert、`shared-contracts`、`module-runtime` 和 `spacetime-client` binding 必须同步，旧迁移 JSON 通过 `migration.rs` 默认值兼容。作品互动矩阵是全局公开作品详情能力配置，不属于单个 `creation_entry_type_config`；后台通过 `/admin/api/creation-entry/config/interactions` 保存，前端据此隐藏或拦截已接入的点赞 / Remix 入口，api-server 同时对已接入后端动作执行 `public_work_interaction_disabled` 熔断。
 
 RPG 创作入口的配置 ID 是 `rpg`，当前 `visible=true`、`open=true`；历史 `custom-world` 路由仍是 RPG 的工程域与运行态源类型。入口熔断把 `/api/runtime/custom-world*`、`/api/story/*` 和 `/api/runtime/chat/*` 统一映射到 `rpg`，不要新增平行 `airp` 路由或用 `airp` 接管当前文字冒险链路。
 
diff --git a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
index d2b630ac..2d779227 100644
--- a/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
+++ b/docs/【开发运维】本地开发验证与生产运维-2026-05-15.md
@@ -465,6 +465,8 @@ journalctl -u genarrative-api.service --since '30 seconds ago' --no-pager | grep
 
 `Genarrative-Server-Provision` 和 `Genarrative-Api-Deploy` 会在保留旧 `/etc/genarrative/api-server.env` 的前提下补齐缺失的 tracking outbox 运行态路径，并确保 `/var/lib/genarrative/tracking-outbox` 归属 `genarrative:genarrative`。用户认证真相源只允许在 SpacetimeDB 正式认证表（`user_account` / `auth_identity` / `refresh_session`）恢复；不要再配置或依赖 `GENARRATIVE_AUTH_STORE_PATH` / `auth-store.json`，`module-auth` 也不再维护本地文件持久化；`auth_store_snapshot` 只保留行级记录，不再保存为单行 `default` 聚合快照，且旧 `get_auth_store_snapshot` / `upsert_auth_store_snapshot` / `import_auth_store_snapshot` 入口已经删除。如果 `api-server` 启动时连不上 SpacetimeDB，会持续重试启动恢复，直到认证工作集从 SpacetimeDB 正式表恢复成功后才开始监听 HTTP，以避免用空本地状态或旧快照覆盖认证表。
 
+前端登录态恢复只把 `/api/auth/refresh` 的 `401` / `403` 当成权威失效信号；服务器重启窗口里的 `502` / `503` / `504`、浏览器 `Failed to fetch` 或 refresh 响应契约异常都必须保留已有本地 access token，不触发全局 auth 变化。refresh 成功响应以共享契约 `RefreshSessionResponse { token }` 为准，前端不要额外要求业务 `ok` 字段。排查“重启后用户都掉线”时，先区分前端是否被暂时不可用清掉本地 token，再检查 SpacetimeDB 正式认证表是否缺 `user_account` / `refresh_session` 数据。
+
 常用检查思路：
 
 ```sql
diff --git a/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md b/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
index 308b4178..00e3bf72 100644
--- a/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
+++ b/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
@@ -1,10 +1,10 @@
 # 平台入口与玩法链路
 
-更新时间：`2026-06-04`
+更新时间：`2026-06-10`
 
 ## 平台创作入口
 
-创作入口配置事实源在 SpacetimeDB，通过 `GET /api/creation-entry/config` 下发；后台通过 `/admin/api/creation-entry/config` 管理。前端只在展示层派生可见卡片和入口状态，`api-server` 路由熔断也使用同一份配置。不要恢复前端硬编码入口配置文件。
+创作入口配置事实源在 SpacetimeDB，通过 `GET /api/creation-entry/config` 下发；后台通过 `/admin/api/creation-entry/config` 管理入口开关，通过 `/admin/api/creation-entry/config/interactions` 管理公开作品点赞 / 改造能力矩阵。前端只在展示层派生可见卡片、入口状态和作品详情互动状态，`api-server` 路由熔断也使用同一份配置。不要恢复前端硬编码入口配置文件。
 
 当前点击底部加号进入的创作入口页承载后台公告位、创作入口页签和两列模板卡；页签中只有真实后端作品架摘要存在时才展示“最近创作”，其余为玩法模板分类。点击模板卡后直接进入对应玩法已有的入口创作表单 stage，不再经过空白占位页，也不把旧表单嵌进创作入口页；模板点击的占位 no-op、隐藏模板拦截、未知入口 no-op 和工作台启动目标统一由 `platformCreationLaunchModel.ts` 判定，壳层只执行启动前准备、错误提示和受保护动作。移动端创作入口页顶栏在 `陶泥儿` 品牌同一行显示真实账户泥点数，数据来自 `profileDashboard.walletBalance`，不得再把公告内容或活动奖池当作账号余额展示。创作入口页公告位数据优先读取 `GET /api/creation-entry/config` 的 `eventBanners` 数组，多条配置时前端自动轮播；旧 `eventBanner` 只保留字段回显与旧客户端兼容，不再作为前端公告数组的兜底来源。后台公告配置面向表单：每条公告包含标题和 HTML 内容，后台保存时序列化为后端 `eventBannersJson` 传输字段，由前端空权限沙箱 iframe 展示；旧结构化 banner 字段仅保留回显兼容，不再作为后台公告配置主格式；不得执行 JSX 或把后台代码直接注入 DOM。玩法列表不再套外部边框卡片，移动端需要压缩横向边距和两列间距；玩法卡统一按“上图、左上状态标签（仅非开放态显示）、封面右下显示 `creationTypes[].unifiedCreationSpec.mudPointCost` 经前端格式化后的泥点消耗、下方白底标题/描述”结构展示，旧契约缺少该字段时兜底 `10` 并由前端显示为 `10泥点数`，卡片高度保持紧凑但标题、描述和预估消耗点数都必须可见。创作入口页根容器不再使用 `platform-page-stage` 这类全局内容卡片壳，但继续保留 `platform-remap-surface` 作为主题和输入框样式命中钩子。创作入口页字号需要对齐平台普通 UI 档位：顶栏泥点组件、公告正文、分类 Tab 和玩法卡标题 / 副标题 / 消耗说明优先使用 `11px` 到 `14px`，不使用 `text-lg`、`text-xl` 或更大的展示级字号。草稿 Tab 继续承接作品架；底部加号入口页的“最近创作”只用 7 天内的真实后端作品架摘要判断是否展示，并从摘要里推导最近使用过的模板 ID，页面必须展示“仅显示最近7天内使用过的模板”提示，列表内容必须复用其它页签里的模板卡样式、文案和点击行为，不展示具体作品名称、摘要或生成状态，也不新增独立最近创作卡组件。RPG、RPG 之外的各玩法入口分别落到既有的 `agent-workspace`、`big-fish-agent-workspace`、`match3d-agent-workspace`、`square-hole-agent-workspace`、`jump-hop-workspace`、`wooden-fish-workspace`、`puzzle-agent-workspace`、`bark-battle-workspace`、`visual-novel-agent-workspace`、`baby-object-match-workspace`，这些入口继续承接各玩法自己的表单、草稿恢复和后续编排，不作为创作入口页内容。
 
@@ -40,6 +40,8 @@ RPG Agent 结果页发布门禁展示由 `platformRpgAgentResultPreviewModel.ts`
 
 入口配置中的 `open=false` 表示关闭新建创作入口，不表示下架已有草稿、私有作品或公开作品。api-server 的入口熔断只允许拦截新建创作、新建草稿、首次生成入口和 Remix 成草稿等会产生新创作的请求；公开广场列表、公开详情、点赞、已发布作品启动、运行态过程请求、存档 / 浏览记录和已有作品回读不能因为创作入口关闭而返回 `creation_entry_disabled`。平台首页如果遇到旧服务端返回的 `creation_entry_disabled`，只能降级为空列表或隐藏入口，不弹平台级错误弹窗。
 
+公开作品点赞 / 改造是否开放不跟随入口 `open` 字段，而是读取 `GET /api/creation-entry/config` 的 `publicWorkInteractions`。后台可以按 `sourceType` 分别关闭点赞或改造并维护关闭提示；前端只据此关闭已接入的作品详情动作，尚未接入后端动作的玩法仍按实际能力矩阵返回不可用提示。api-server 对已接入的 RPG、自定义世界兼容路径、大鱼吃小鱼和拼图点赞 / 改造接口做同源熔断，关闭时返回 `public_work_interaction_disabled`，但公开列表、公开详情、已发布作品启动和运行态过程请求不受影响。
+
 创作入口页的关闭态卡片必须有明显差异：卡片禁用点击，展示后台配置的关闭态 badge 或 `暂未开放`，不再显示泥点消耗这类可创建成本提示；开放态卡片仍不显示普通 `可创建 / 可创作` badge。
 
 `PlatformEntryFlowShellImpl.tsx` 仍是平台入口编排壳，后续维护时应优先把独立 UI 片段、公开作品映射、草稿生成 notice 和运行态状态 helper 拆到 `src/components/platform-entry/PlatformEntryFlowShellImpl/` 或同目录紧邻 helper 文件。拆分只允许改变文件组织，不改变入口配置事实源、默认导出、props、页面阶段、UI 文案或现有交互；其中拼图首访 onboarding 已拆为 `PlatformEntryFlowShellImpl/PuzzleOnboardingView.tsx`。
diff --git a/packages/shared/src/contracts/auth.ts b/packages/shared/src/contracts/auth.ts
index ab3202d9..84eb89ca 100644
--- a/packages/shared/src/contracts/auth.ts
+++ b/packages/shared/src/contracts/auth.ts
@@ -156,8 +156,7 @@ export type AuthPhoneChangeResponse = {
 };
 
 export type AuthRefreshResponse = {
-  ok: true;
-  token?: string;
+  token: string;
 };
 
 export type AuthSessionSummary = {
diff --git a/server-rs/crates/api-server/src/admin.rs b/server-rs/crates/api-server/src/admin.rs
index f46342a7..e8943b71 100644
--- a/server-rs/crates/api-server/src/admin.rs
+++ b/server-rs/crates/api-server/src/admin.rs
@@ -26,7 +26,8 @@ use shared_contracts::admin::{
     AdminSessionPayload, AdminTrackingEventEntryPayload, AdminTrackingEventListQuery,
     AdminTrackingEventListResponse, AdminUpdateWorkVisibilityRequest,
     AdminUpdateWorkVisibilityResponse, AdminUpsertCreationEntryEventBannersRequest,
-    AdminUpsertCreationEntryTypeConfigRequest, AdminWorkVisibilityListResponse,
+    AdminUpsertCreationEntryTypeConfigRequest, AdminUpsertPublicWorkInteractionConfigRequest,
+    AdminWorkVisibilityListResponse,
 };
 use shared_contracts::creation_entry_config::{
     encode_unified_creation_spec_response, validate_unified_creation_spec_for_play,
@@ -212,14 +213,7 @@ pub async fn admin_get_creation_entry_config(
         .map_err(map_admin_spacetime_error)?;
     Ok(json_success_body(
         Some(&request_context),
-        AdminCreationEntryConfigResponse {
-            event_banners: config.event_banners,
-            entries: config
-                .creation_types
-                .into_iter()
-                .map(map_admin_creation_entry_type_config)
-                .collect(),
-        },
+        build_admin_creation_entry_config_response(config),
     ))
 }
 
@@ -237,14 +231,7 @@ pub async fn admin_upsert_creation_entry_config(
         .map_err(map_admin_spacetime_error)?;
     Ok(json_success_body(
         Some(&request_context),
-        AdminCreationEntryConfigResponse {
-            event_banners: config.event_banners,
-            entries: config
-                .creation_types
-                .into_iter()
-                .map(map_admin_creation_entry_type_config)
-                .collect(),
-        },
+        build_admin_creation_entry_config_response(config),
     ))
 }
 
@@ -268,14 +255,45 @@ pub async fn admin_upsert_creation_entry_event_banners_config(
         .map_err(map_admin_spacetime_error)?;
     Ok(json_success_body(
         Some(&request_context),
-        AdminCreationEntryConfigResponse {
-            event_banners: config.event_banners,
-            entries: config
-                .creation_types
-                .into_iter()
-                .map(map_admin_creation_entry_type_config)
-                .collect(),
-        },
+        build_admin_creation_entry_config_response(config),
+    ))
+}
+
+/// 保存公开作品详情页点赞 / 改造能力配置。
+pub async fn admin_upsert_public_work_interaction_config(
+    State(state): State<AppState>,
+    Extension(request_context): Extension<RequestContext>,
+    Extension(_admin): Extension<AuthenticatedAdmin>,
+    Json(payload): Json<AdminUpsertPublicWorkInteractionConfigRequest>,
+) -> Result<Json<Value>, AppError> {
+    let snapshots = payload
+        .public_work_interactions
+        .into_iter()
+        .map(
+            |entry| module_runtime::PublicWorkInteractionConfigSnapshot {
+                source_type: entry.source_type,
+                like_enabled: entry.like_enabled,
+                remix_enabled: entry.remix_enabled,
+                like_disabled_message: entry.like_disabled_message,
+                remix_disabled_message: entry.remix_disabled_message,
+            },
+        )
+        .collect::<Vec<_>>();
+    let public_work_interactions_json =
+        module_runtime::encode_public_work_interaction_config_snapshots(&snapshots)
+            .and_then(|json| module_runtime::normalize_public_work_interaction_config_json(&json))
+            .map_err(|error| AppError::from_status(StatusCode::BAD_REQUEST).with_message(error))?;
+    let config = state
+        .upsert_public_work_interaction_config(
+            module_runtime::PublicWorkInteractionConfigAdminUpsertInput {
+                public_work_interactions_json,
+            },
+        )
+        .await
+        .map_err(map_admin_spacetime_error)?;
+    Ok(json_success_body(
+        Some(&request_context),
+        build_admin_creation_entry_config_response(config),
     ))
 }
 
@@ -313,6 +331,20 @@ pub async fn admin_update_work_visibility(
     ))
 }
 
+fn build_admin_creation_entry_config_response(
+    config: shared_contracts::creation_entry_config::CreationEntryConfigResponse,
+) -> AdminCreationEntryConfigResponse {
+    AdminCreationEntryConfigResponse {
+        event_banners: config.event_banners,
+        public_work_interactions: config.public_work_interactions,
+        entries: config
+            .creation_types
+            .into_iter()
+            .map(map_admin_creation_entry_type_config)
+            .collect(),
+    }
+}
+
 fn map_admin_creation_entry_type_config(
     entry: shared_contracts::creation_entry_config::CreationEntryTypeResponse,
 ) -> AdminCreationEntryTypeConfigPayload {
diff --git a/server-rs/crates/api-server/src/app.rs b/server-rs/crates/api-server/src/app.rs
index d9b4b0e3..5e58ea9e 100644
--- a/server-rs/crates/api-server/src/app.rs
+++ b/server-rs/crates/api-server/src/app.rs
@@ -17,7 +17,9 @@ use tracing::{Level, Span, error, info_span};
 use crate::{
     auth::AuthenticatedAccessToken,
     backpressure::limit_concurrent_requests,
-    creation_entry_config::require_creation_entry_route_enabled,
+    creation_entry_config::{
+        require_creation_entry_route_enabled, require_public_work_interaction_enabled,
+    },
     error_middleware::normalize_error_response,
     http_error::AppError,
     modules,
@@ -57,6 +59,10 @@ pub fn build_router(state: AppState) -> Router {
             state.clone(),
             require_creation_entry_route_enabled,
         ))
+        .layer(middleware::from_fn_with_state(
+            state.clone(),
+            require_public_work_interaction_enabled,
+        ))
         // HTTP 背压在业务路由外侧快拒绝，避免过载请求继续占用 SpacetimeDB facade 与业务执行资源。
         .layer(middleware::from_fn_with_state(
             BackpressureState::from_ref(&state),
@@ -590,6 +596,37 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn disabled_public_work_like_returns_service_unavailable() {
+        let state = AppState::new(AppConfig::default()).expect("state should build");
+        state.set_test_public_work_interaction_enabled(
+            "puzzle",
+            crate::creation_entry_config::PublicWorkInteractionAction::Like,
+            false,
+        );
+        let app = build_router(state);
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method("POST")
+                    .uri("/api/runtime/puzzle/gallery/profile-1/like")
+                    .body(Body::empty())
+                    .expect("request should build"),
+            )
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(response.status(), StatusCode::SERVICE_UNAVAILABLE);
+        let body = read_json_response(response).await;
+        assert_eq!(
+            body["error"]["details"]["reason"],
+            "public_work_interaction_disabled"
+        );
+        assert_eq!(body["error"]["details"]["sourceType"], "puzzle");
+        assert_eq!(body["error"]["details"]["action"], "like");
+    }
+
     #[tokio::test]
     async fn disabled_visual_novel_creation_route_returns_service_unavailable() {
         let app = build_router(AppState::new(AppConfig::default()).expect("state should build"));
@@ -4228,6 +4265,62 @@ mod tests {
         assert_eq!(response.status(), StatusCode::BAD_REQUEST);
     }
 
+    /// 中文注释：验证后台作品互动配置保存后回到同一份入口配置响应。
+    #[tokio::test]
+    async fn admin_public_work_interactions_route_saves_form_payload() {
+        let mut config = AppConfig::default();
+        config.admin_username = Some("root".to_string());
+        config.admin_password = Some("secret123".to_string());
+        let app = build_router(AppState::new(config).expect("state should build"));
+        let admin_token = read_admin_access_token(app.clone()).await;
+
+        let response = app
+            .oneshot(
+                Request::builder()
+                    .method("POST")
+                    .uri("/admin/api/creation-entry/config/interactions")
+                    .header("authorization", format!("Bearer {admin_token}"))
+                    .header("content-type", "application/json")
+                    .body(Body::from(
+                        serde_json::json!({
+                            "publicWorkInteractions": [
+                                {
+                                    "sourceType": "puzzle",
+                                    "likeEnabled": false,
+                                    "remixEnabled": true,
+                                    "likeDisabledMessage": "拼图点赞维护中。",
+                                    "remixDisabledMessage": "拼图作品改造暂不可用。"
+                                }
+                            ]
+                        })
+                        .to_string(),
+                    ))
+                    .expect("interactions request should build"),
+            )
+            .await
+            .expect("interactions request should succeed");
+
+        assert_eq!(response.status(), StatusCode::OK);
+        let body = response
+            .into_body()
+            .collect()
+            .await
+            .expect("interactions body should collect")
+            .to_bytes();
+        let payload: Value =
+            serde_json::from_slice(&body).expect("interactions payload should be json");
+        let puzzle = payload["publicWorkInteractions"]
+            .as_array()
+            .expect("interactions should be array")
+            .iter()
+            .find(|item| item["sourceType"] == "puzzle")
+            .expect("puzzle interaction should exist");
+
+        assert_eq!(puzzle["likeEnabled"], false);
+        assert_eq!(puzzle["remixEnabled"], true);
+        assert_eq!(puzzle["likeDisabledMessage"], "拼图点赞维护中。");
+    }
+
     #[tokio::test]
     async fn admin_debug_http_can_probe_healthz_when_authenticated() {
         let mut config = AppConfig::default();
diff --git a/server-rs/crates/api-server/src/creation_entry_config.rs b/server-rs/crates/api-server/src/creation_entry_config.rs
index 36639108..a1c191ba 100644
--- a/server-rs/crates/api-server/src/creation_entry_config.rs
+++ b/server-rs/crates/api-server/src/creation_entry_config.rs
@@ -17,6 +17,21 @@ use crate::{
     state::AppState,
 };
 
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+pub(crate) enum PublicWorkInteractionAction {
+    Like,
+    Remix,
+}
+
+impl PublicWorkInteractionAction {
+    fn as_str(self) -> &'static str {
+        match self {
+            Self::Like => "like",
+            Self::Remix => "remix",
+        }
+    }
+}
+
 /// 中文注释：入口配置由 SpacetimeDB 表提供；api-server 只负责读取同一份配置并熔断运行态路由。
 pub async fn get_creation_entry_config_handler(
     State(state): State<AppState>,
@@ -71,6 +86,68 @@ pub async fn require_creation_entry_route_enabled(
     next.run(request).await
 }
 
+/// 中文注释：公开作品互动配置只拦点赞 / 改造动作，不影响作品详情读取和正式游玩。
+pub async fn require_public_work_interaction_enabled(
+    State(state): State<AppState>,
+    request: Request<Body>,
+    next: Next,
+) -> Response {
+    let path = request.uri().path();
+    if let Some((source_type, action)) = resolve_public_work_interaction_route(path) {
+        match state
+            .is_public_work_interaction_enabled(source_type, action)
+            .await
+        {
+            Ok(true) => {}
+            Ok(false) => {
+                return AppError::from_status(StatusCode::SERVICE_UNAVAILABLE)
+                    .with_message("该作品互动暂不可用")
+                    .with_details(json!({
+                        "reason": "public_work_interaction_disabled",
+                        "sourceType": source_type,
+                        "action": action.as_str(),
+                    }))
+                    .into();
+            }
+            Err(error) => {
+                return AppError::from_status(StatusCode::BAD_GATEWAY)
+                    .with_message("读取作品互动配置失败")
+                    .with_details(json!({
+                        "provider": "spacetimedb",
+                        "message": error.to_string(),
+                    }))
+                    .into();
+            }
+        }
+    }
+
+    next.run(request).await
+}
+
+pub(crate) fn resolve_public_work_interaction_route(
+    path: &str,
+) -> Option<(&'static str, PublicWorkInteractionAction)> {
+    let action = if path.ends_with("/like") {
+        PublicWorkInteractionAction::Like
+    } else if path.ends_with("/remix") {
+        PublicWorkInteractionAction::Remix
+    } else {
+        return None;
+    };
+
+    if path.starts_with("/api/runtime/custom-world-gallery/") {
+        return Some(("custom-world", action));
+    }
+    if path.starts_with("/api/runtime/big-fish/gallery/") {
+        return Some(("big-fish", action));
+    }
+    if path.starts_with("/api/runtime/puzzle/gallery/") {
+        return Some(("puzzle", action));
+    }
+
+    None
+}
+
 pub(crate) fn resolve_creation_entry_mud_point_cost_from_config(
     config: &CreationEntryConfigResponse,
     creation_type_id: &str,
@@ -142,6 +219,9 @@ pub(crate) fn default_creation_entry_config_response() -> CreationEntryConfigRes
         event_banners_json: Some(module_runtime::default_creation_entry_event_banners_json()),
         creation_types: module_runtime::default_creation_entry_type_snapshots(0),
         updated_at_micros: 0,
+        public_work_interactions_json: Some(
+            module_runtime::default_public_work_interaction_config_json(),
+        ),
     })
 }
 
@@ -242,6 +322,28 @@ mod tests {
         assert_eq!(resolve_creation_entry_route_id("/healthz"), None);
     }
 
+    #[test]
+    fn resolves_public_work_interaction_routes() {
+        assert_eq!(
+            resolve_public_work_interaction_route("/api/runtime/puzzle/gallery/profile-1/like"),
+            Some(("puzzle", PublicWorkInteractionAction::Like)),
+        );
+        assert_eq!(
+            resolve_public_work_interaction_route(
+                "/api/runtime/custom-world-gallery/user-1/profile-1/remix"
+            ),
+            Some(("custom-world", PublicWorkInteractionAction::Remix)),
+        );
+        assert_eq!(
+            resolve_public_work_interaction_route("/api/runtime/puzzle/gallery/profile-1"),
+            None,
+        );
+        assert_eq!(
+            resolve_public_work_interaction_route("/api/runtime/wooden-fish/runs/run-1"),
+            None,
+        );
+    }
+
     #[test]
     fn resolves_mud_point_cost_from_unified_creation_spec() {
         let mut config = test_creation_entry_config_response();
diff --git a/server-rs/crates/api-server/src/modules/admin.rs b/server-rs/crates/api-server/src/modules/admin.rs
index e572061e..316de4d3 100644
--- a/server-rs/crates/api-server/src/modules/admin.rs
+++ b/server-rs/crates/api-server/src/modules/admin.rs
@@ -9,7 +9,7 @@ use crate::{
         admin_list_database_tables, admin_list_tracking_events, admin_list_work_visibility,
         admin_login, admin_me, admin_overview, admin_update_work_visibility,
         admin_upsert_creation_entry_config, admin_upsert_creation_entry_event_banners_config,
-        require_admin_auth,
+        admin_upsert_public_work_interaction_config, require_admin_auth,
     },
     runtime_profile::{
         admin_disable_profile_redeem_code, admin_disable_profile_task_config,
@@ -81,6 +81,12 @@ pub fn router(state: AppState) -> Router<AppState> {
                 middleware::from_fn_with_state(state.clone(), require_admin_auth),
             ),
         )
+        .route(
+            "/admin/api/creation-entry/config/interactions",
+            post(admin_upsert_public_work_interaction_config).route_layer(
+                middleware::from_fn_with_state(state.clone(), require_admin_auth),
+            ),
+        )
         .route(
             "/admin/api/works/visibility",
             get(admin_list_work_visibility)
diff --git a/server-rs/crates/api-server/src/state.rs b/server-rs/crates/api-server/src/state.rs
index 3858914a..d8882747 100644
--- a/server-rs/crates/api-server/src/state.rs
+++ b/server-rs/crates/api-server/src/state.rs
@@ -559,6 +559,44 @@ impl AppState {
         }
     }
 
+    /// 通过 SpacetimeDB 保存公开作品互动配置，并同步测试缓存。
+    pub async fn upsert_public_work_interaction_config(
+        &self,
+        input: module_runtime::PublicWorkInteractionConfigAdminUpsertInput,
+    ) -> Result<CreationEntryConfigResponse, SpacetimeClientError> {
+        #[cfg(test)]
+        let test_interactions_json = input.public_work_interactions_json.clone();
+        match self
+            .spacetime_client
+            .upsert_public_work_interaction_config(input)
+            .await
+        {
+            Ok(config) => {
+                #[cfg(test)]
+                self.cache_test_creation_entry_config(config.clone());
+                Ok(config)
+            }
+            #[cfg(test)]
+            Err(_) => {
+                let mut config = self.read_test_creation_entry_config();
+                if let Ok(interactions) =
+                    module_runtime::decode_public_work_interaction_config_snapshots(
+                        test_interactions_json.as_str(),
+                    )
+                {
+                    config.public_work_interactions = interactions
+                        .into_iter()
+                        .map(module_runtime::build_public_work_interaction_config_response)
+                        .collect();
+                    self.cache_test_creation_entry_config(config.clone());
+                }
+                Ok(config)
+            }
+            #[cfg(not(test))]
+            Err(error) => Err(error),
+        }
+    }
+
     pub async fn get_creation_entry_config(
         &self,
     ) -> Result<CreationEntryConfigResponse, SpacetimeClientError> {
@@ -619,6 +657,53 @@ impl AppState {
             .unwrap_or(true))
     }
 
+    pub async fn is_public_work_interaction_enabled(
+        &self,
+        source_type: &str,
+        action: crate::creation_entry_config::PublicWorkInteractionAction,
+    ) -> Result<bool, SpacetimeClientError> {
+        let config = self.get_creation_entry_config().await?;
+        Ok(config
+            .public_work_interactions
+            .iter()
+            .find(|item| item.source_type == source_type)
+            .map(|item| match action {
+                crate::creation_entry_config::PublicWorkInteractionAction::Like => {
+                    item.like_enabled
+                }
+                crate::creation_entry_config::PublicWorkInteractionAction::Remix => {
+                    item.remix_enabled
+                }
+            })
+            .unwrap_or(true))
+    }
+
+    #[cfg(test)]
+    pub(crate) fn set_test_public_work_interaction_enabled(
+        &self,
+        source_type: impl AsRef<str>,
+        action: crate::creation_entry_config::PublicWorkInteractionAction,
+        enabled: bool,
+    ) {
+        let source_type = source_type.as_ref();
+        let mut config = self.read_test_creation_entry_config();
+        if let Some(item) = config
+            .public_work_interactions
+            .iter_mut()
+            .find(|item| item.source_type == source_type)
+        {
+            match action {
+                crate::creation_entry_config::PublicWorkInteractionAction::Like => {
+                    item.like_enabled = enabled;
+                }
+                crate::creation_entry_config::PublicWorkInteractionAction::Remix => {
+                    item.remix_enabled = enabled;
+                }
+            }
+        }
+        self.cache_test_creation_entry_config(config);
+    }
+
     #[cfg(test)]
     pub(crate) fn set_test_creation_entry_route_enabled(
         &self,
diff --git a/server-rs/crates/module-runtime/src/application.rs b/server-rs/crates/module-runtime/src/application.rs
index 63e897de..2c819e4b 100644
--- a/server-rs/crates/module-runtime/src/application.rs
+++ b/server-rs/crates/module-runtime/src/application.rs
@@ -11,7 +11,7 @@ use crate::errors::RuntimeProfileFieldError;
 use crate::format_utc_micros;
 use shared_contracts::creation_entry_config::{
     CreationEntryConfigResponse, CreationEntryEventBannerResponse, CreationEntryStartCardResponse,
-    CreationEntryTypeModalResponse, CreationEntryTypeResponse,
+    CreationEntryTypeModalResponse, CreationEntryTypeResponse, PublicWorkInteractionConfigResponse,
     encode_unified_creation_spec_response, resolve_unified_creation_spec_response,
 };
 
@@ -27,6 +27,9 @@ pub fn build_creation_entry_config_response(
         .first()
         .cloned()
         .unwrap_or_else(|| build_creation_entry_event_banner_response(snapshot.event_banner));
+    let public_work_interactions = resolve_public_work_interaction_config_responses(
+        snapshot.public_work_interactions_json.as_deref(),
+    );
 
     CreationEntryConfigResponse {
         start_card: CreationEntryStartCardResponse {
@@ -41,6 +44,7 @@ pub fn build_creation_entry_config_response(
         },
         event_banner,
         event_banners,
+        public_work_interactions,
         creation_types: snapshot
             .creation_types
             .into_iter()
@@ -69,6 +73,223 @@ pub fn build_creation_entry_config_response(
     }
 }
 
+/// 返回公开作品点赞 / 改造默认矩阵，保持历史前端硬编码能力不变。
+pub fn default_public_work_interaction_config_snapshots() -> Vec<PublicWorkInteractionConfigSnapshot>
+{
+    vec![
+        public_work_interaction_config(
+            "custom-world",
+            true,
+            true,
+            "RPG 作品暂不支持点赞。",
+            "RPG 作品暂不支持改造。",
+        ),
+        public_work_interaction_config(
+            "big-fish",
+            true,
+            true,
+            "摸鱼点赞暂不可用。",
+            "摸鱼作品改造暂不可用。",
+        ),
+        public_work_interaction_config(
+            "puzzle",
+            true,
+            true,
+            "拼图点赞暂不可用。",
+            "拼图作品改造暂不可用。",
+        ),
+        public_work_interaction_config(
+            "puzzle-clear",
+            false,
+            false,
+            "拼消消点赞将在后续版本开放。",
+            "拼消消作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "jump-hop",
+            false,
+            false,
+            "作品类型 jump-hop 暂不支持点赞。",
+            "跳一跳作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "wooden-fish",
+            false,
+            false,
+            "作品类型 wooden-fish 暂不支持点赞。",
+            "敲木鱼作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "match3d",
+            false,
+            false,
+            "作品类型 match3d 暂不支持点赞。",
+            "抓大鹅作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "square-hole",
+            false,
+            false,
+            "方洞挑战点赞将在后续版本开放。",
+            "方洞挑战作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "visual-novel",
+            false,
+            false,
+            "视觉小说点赞将在后续版本开放。",
+            "视觉小说作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "bark-battle",
+            false,
+            false,
+            "汪汪声浪点赞将在后续版本开放。",
+            "汪汪声浪作品改造将在后续版本开放。",
+        ),
+        public_work_interaction_config(
+            "edutainment",
+            false,
+            false,
+            "宝贝识物点赞将在后续版本开放。",
+            "宝贝识物作品改造将在创作链路接入后开放。",
+        ),
+    ]
+}
+
+fn public_work_interaction_config(
+    source_type: &str,
+    like_enabled: bool,
+    remix_enabled: bool,
+    like_disabled_message: &str,
+    remix_disabled_message: &str,
+) -> PublicWorkInteractionConfigSnapshot {
+    PublicWorkInteractionConfigSnapshot {
+        source_type: source_type.to_string(),
+        like_enabled,
+        remix_enabled,
+        like_disabled_message: like_disabled_message.to_string(),
+        remix_disabled_message: remix_disabled_message.to_string(),
+    }
+}
+
+/// 生成默认公开作品互动配置 JSON，供 SpacetimeDB 表字段持久化。
+pub fn default_public_work_interaction_config_json() -> String {
+    encode_public_work_interaction_config_snapshots(
+        &default_public_work_interaction_config_snapshots(),
+    )
+    .unwrap_or_else(|_| "[]".to_string())
+}
+
+/// 校验并归一后台公开作品互动配置 JSON。
+pub fn normalize_public_work_interaction_config_json(input: &str) -> Result<String, String> {
+    let trimmed = input.trim();
+    if trimmed.is_empty() {
+        return Ok(default_public_work_interaction_config_json());
+    }
+
+    let configs = decode_public_work_interaction_config_snapshots(trimmed)?;
+    encode_public_work_interaction_config_snapshots(&configs)
+}
+
+/// 解析公开作品互动配置 JSON，并补齐缺失 sourceType 的默认项。
+pub fn decode_public_work_interaction_config_snapshots(
+    input: &str,
+) -> Result<Vec<PublicWorkInteractionConfigSnapshot>, String> {
+    let raw_entries = serde_json::from_str::<Vec<PublicWorkInteractionConfigResponse>>(input)
+        .map_err(|error| format!("作品互动配置 JSON 非法：{error}"))?;
+    if raw_entries.len() > PUBLIC_WORK_INTERACTION_CONFIG_MAX_COUNT {
+        return Err(format!(
+            "作品互动配置最多允许 {} 条",
+            PUBLIC_WORK_INTERACTION_CONFIG_MAX_COUNT
+        ));
+    }
+
+    let defaults = default_public_work_interaction_config_snapshots();
+    let default_by_source = defaults
+        .iter()
+        .map(|item| (item.source_type.clone(), item.clone()))
+        .collect::<BTreeMap<_, _>>();
+    let mut overrides = BTreeMap::<String, PublicWorkInteractionConfigSnapshot>::new();
+
+    for (index, entry) in raw_entries.into_iter().enumerate() {
+        let source_type = entry.source_type.trim().to_string();
+        let Some(default_entry) = default_by_source.get(&source_type) else {
+            return Err(format!("第 {} 条作品类型非法：{}", index + 1, source_type));
+        };
+        if overrides.contains_key(&source_type) {
+            return Err(format!("作品互动配置 sourceType 重复：{source_type}"));
+        }
+        overrides.insert(
+            source_type.clone(),
+            PublicWorkInteractionConfigSnapshot {
+                source_type,
+                like_enabled: entry.like_enabled,
+                remix_enabled: entry.remix_enabled,
+                like_disabled_message: normalize_interaction_message(
+                    entry.like_disabled_message,
+                    &default_entry.like_disabled_message,
+                ),
+                remix_disabled_message: normalize_interaction_message(
+                    entry.remix_disabled_message,
+                    &default_entry.remix_disabled_message,
+                ),
+            },
+        );
+    }
+
+    Ok(defaults
+        .into_iter()
+        .map(|item| overrides.remove(&item.source_type).unwrap_or(item))
+        .collect())
+}
+
+fn normalize_interaction_message(value: String, fallback: &str) -> String {
+    let trimmed = value.trim();
+    if trimmed.is_empty() {
+        fallback.to_string()
+    } else {
+        trimmed.to_string()
+    }
+}
+
+/// 把公开作品互动领域快照编码为稳定 JSON。
+pub fn encode_public_work_interaction_config_snapshots(
+    configs: &[PublicWorkInteractionConfigSnapshot],
+) -> Result<String, String> {
+    let responses = configs
+        .iter()
+        .cloned()
+        .map(build_public_work_interaction_config_response)
+        .collect::<Vec<_>>();
+    serde_json::to_string_pretty(&responses)
+        .map_err(|error| format!("作品互动配置 JSON 序列化失败：{error}"))
+}
+
+/// 根据持久化 JSON 得到前台可消费的公开作品互动矩阵。
+pub fn resolve_public_work_interaction_config_responses(
+    public_work_interactions_json: Option<&str>,
+) -> Vec<PublicWorkInteractionConfigResponse> {
+    public_work_interactions_json
+        .and_then(|raw| decode_public_work_interaction_config_snapshots(raw).ok())
+        .unwrap_or_else(default_public_work_interaction_config_snapshots)
+        .into_iter()
+        .map(build_public_work_interaction_config_response)
+        .collect()
+}
+
+pub fn build_public_work_interaction_config_response(
+    config: PublicWorkInteractionConfigSnapshot,
+) -> PublicWorkInteractionConfigResponse {
+    PublicWorkInteractionConfigResponse {
+        source_type: config.source_type,
+        like_enabled: config.like_enabled,
+        remix_enabled: config.remix_enabled,
+        like_disabled_message: config.like_disabled_message,
+        remix_disabled_message: config.remix_disabled_message,
+    }
+}
+
 /// 返回平台默认公告配置，用于空库种子和旧库兜底。
 pub fn default_creation_entry_event_banner_snapshots() -> Vec<CreationEntryEventBannerSnapshot> {
     vec![CreationEntryEventBannerSnapshot {
diff --git a/server-rs/crates/module-runtime/src/domain.rs b/server-rs/crates/module-runtime/src/domain.rs
index 32e6a1b7..9ba272cd 100644
--- a/server-rs/crates/module-runtime/src/domain.rs
+++ b/server-rs/crates/module-runtime/src/domain.rs
@@ -65,6 +65,8 @@ pub const DEFAULT_CREATION_ENTRY_EVENT_ENDS_AT_TEXT: &str = "2024.11.20 23:59";
 pub const CREATION_ENTRY_EVENT_BANNERS_MAX_COUNT: usize = 8;
 /// 单条 HTML 公告的代码大小上限，避免后台误贴超大片段拖慢入口页。
 pub const CREATION_ENTRY_EVENT_BANNER_HTML_CODE_MAX_BYTES: usize = 12_000;
+/// 公开作品互动配置最多允许覆盖的 sourceType 数量。
+pub const PUBLIC_WORK_INTERACTION_CONFIG_MAX_COUNT: usize = 32;
 
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
@@ -96,6 +98,17 @@ pub struct CreationEntryEventBannerSnapshot {
     pub html_code: Option<String>,
 }
 
+/// 单类公开作品互动配置，控制作品详情页点赞 / 改造入口与后端动作熔断。
+#[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PublicWorkInteractionConfigSnapshot {
+    pub source_type: String,
+    pub like_enabled: bool,
+    pub remix_enabled: bool,
+    pub like_disabled_message: String,
+    pub remix_disabled_message: String,
+}
+
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct CreationEntryTypeSnapshot {
@@ -126,6 +139,8 @@ pub struct CreationEntryConfigSnapshot {
     pub event_banners_json: Option<String>,
     pub creation_types: Vec<CreationEntryTypeSnapshot>,
     pub updated_at_micros: i64,
+    /// 公开作品点赞 / 改造能力 JSON 配置；旧库为空时由应用层兜底。
+    pub public_work_interactions_json: Option<String>,
 }
 
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
@@ -153,6 +168,14 @@ pub struct CreationEntryEventBannersAdminUpsertInput {
     pub event_banners_json: String,
 }
 
+/// 后台保存公开作品互动能力表单序列化结果的领域输入。
+#[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PublicWorkInteractionConfigAdminUpsertInput {
+    /// 持久化字段沿用 JSON 字符串，内容由后台表单生成。
+    pub public_work_interactions_json: String,
+}
+
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct CreationEntryConfigProcedureResult {
diff --git a/server-rs/crates/module-runtime/src/lib.rs b/server-rs/crates/module-runtime/src/lib.rs
index 3243177f..e4b727b1 100644
--- a/server-rs/crates/module-runtime/src/lib.rs
+++ b/server-rs/crates/module-runtime/src/lib.rs
@@ -531,6 +531,7 @@ mod tests {
                 ),
             }],
             updated_at_micros: 1,
+            public_work_interactions_json: Some(default_public_work_interaction_config_json()),
         });
         let puzzle = response
             .creation_types
@@ -547,6 +548,37 @@ mod tests {
         );
     }
 
+    #[test]
+    fn public_work_interaction_config_defaults_and_overrides() {
+        let defaults = resolve_public_work_interaction_config_responses(None);
+        let puzzle = defaults
+            .iter()
+            .find(|item| item.source_type == "puzzle")
+            .expect("puzzle interaction should exist");
+        assert!(puzzle.like_enabled);
+        assert!(puzzle.remix_enabled);
+
+        let normalized = normalize_public_work_interaction_config_json(
+            r#"[{
+                "sourceType": "puzzle",
+                "likeEnabled": false,
+                "remixEnabled": true,
+                "likeDisabledMessage": "拼图点赞维护中。",
+                "remixDisabledMessage": ""
+            }]"#,
+        )
+        .expect("interaction config should normalize");
+        let resolved = resolve_public_work_interaction_config_responses(Some(&normalized));
+        let puzzle = resolved
+            .iter()
+            .find(|item| item.source_type == "puzzle")
+            .expect("puzzle interaction should exist");
+
+        assert!(!puzzle.like_enabled);
+        assert_eq!(puzzle.like_disabled_message, "拼图点赞维护中。");
+        assert_eq!(puzzle.remix_disabled_message, "拼图作品改造暂不可用。");
+    }
+
     #[test]
     fn normalized_clamps_music_volume_into_valid_range() {
         let low = RuntimeSettings::normalized(-1.0, RuntimePlatformTheme::Light);
diff --git a/server-rs/crates/shared-contracts/src/admin.rs b/server-rs/crates/shared-contracts/src/admin.rs
index b800c998..4820d003 100644
--- a/server-rs/crates/shared-contracts/src/admin.rs
+++ b/server-rs/crates/shared-contracts/src/admin.rs
@@ -1,7 +1,10 @@
 use serde::{Deserialize, Serialize};
 use serde_json::Value;
 
-use crate::creation_entry_config::{CreationEntryEventBannerResponse, UnifiedCreationSpecResponse};
+use crate::creation_entry_config::{
+    CreationEntryEventBannerResponse, PublicWorkInteractionConfigResponse,
+    UnifiedCreationSpecResponse,
+};
 
 // 管理后台协议统一收口在 shared-contracts，避免页面脚本和 Rust handler 各自手拼字段。
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
@@ -20,6 +23,8 @@ pub struct AdminCreationEntryConfigResponse {
     pub entries: Vec<AdminCreationEntryTypeConfigPayload>,
     /// 底部加号创作入口页的后台公告列表。
     pub event_banners: Vec<CreationEntryEventBannerResponse>,
+    /// 公开作品详情页点赞 / 改造能力配置。
+    pub public_work_interactions: Vec<PublicWorkInteractionConfigResponse>,
 }
 
 /// 后台单个创作入口开关配置。
@@ -69,6 +74,13 @@ pub struct AdminUpsertCreationEntryEventBannersRequest {
     pub event_banners_json: String,
 }
 
+/// 后台保存公开作品点赞 / 改造能力配置请求。
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct AdminUpsertPublicWorkInteractionConfigRequest {
+    pub public_work_interactions: Vec<PublicWorkInteractionConfigResponse>,
+}
+
 /// 后台作品可见性列表项。
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
diff --git a/server-rs/crates/shared-contracts/src/creation_entry_config.rs b/server-rs/crates/shared-contracts/src/creation_entry_config.rs
index c85dc133..b3d0e91d 100644
--- a/server-rs/crates/shared-contracts/src/creation_entry_config.rs
+++ b/server-rs/crates/shared-contracts/src/creation_entry_config.rs
@@ -12,6 +12,7 @@ pub struct CreationEntryConfigResponse {
     pub type_modal: CreationEntryTypeModalResponse,
     pub event_banner: CreationEntryEventBannerResponse,
     pub event_banners: Vec<CreationEntryEventBannerResponse>,
+    pub public_work_interactions: Vec<PublicWorkInteractionConfigResponse>,
     pub creation_types: Vec<CreationEntryTypeResponse>,
 }
 
@@ -57,6 +58,20 @@ pub fn default_creation_entry_event_banner_render_mode() -> String {
     "structured".to_string()
 }
 
+/// 单类公开作品互动能力配置。
+///
+/// 后台可以关闭已接入的点赞 / 改造能力；未接入后端动作的玩法即使误开，
+/// 前端仍会按实际能力矩阵返回不可用提示。
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct PublicWorkInteractionConfigResponse {
+    pub source_type: String,
+    pub like_enabled: bool,
+    pub remix_enabled: bool,
+    pub like_disabled_message: String,
+    pub remix_disabled_message: String,
+}
+
 /// 单个创作模板入口配置，决定底部加号入口中的分类、排序和开放状态。
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq)]
 #[serde(rename_all = "camelCase")]
@@ -547,6 +562,13 @@ mod tests {
                 render_mode: "html".to_string(),
                 html_code: Some("<section>ok</section>".to_string()),
             }],
+            public_work_interactions: vec![PublicWorkInteractionConfigResponse {
+                source_type: "puzzle".to_string(),
+                like_enabled: true,
+                remix_enabled: true,
+                like_disabled_message: "拼图点赞暂不可用。".to_string(),
+                remix_disabled_message: "拼图作品改造暂不可用。".to_string(),
+            }],
             creation_types: Vec::new(),
         };
         let value = serde_json::to_value(response).expect("response should serialize");
@@ -558,5 +580,6 @@ mod tests {
         );
         assert!(value.get("event_banner").is_none());
         assert!(value.get("eventBanner").is_some());
+        assert_eq!(value["publicWorkInteractions"][0]["sourceType"], "puzzle");
     }
 }
diff --git a/server-rs/crates/spacetime-client/src/mapper/runtime.rs b/server-rs/crates/spacetime-client/src/mapper/runtime.rs
index 47efee78..c6ccfb00 100644
--- a/server-rs/crates/spacetime-client/src/mapper/runtime.rs
+++ b/server-rs/crates/spacetime-client/src/mapper/runtime.rs
@@ -30,6 +30,17 @@ impl From<module_runtime::CreationEntryEventBannersAdminUpsertInput>
     }
 }
 
+/// 将业务层公开作品互动配置保存输入转换为 SpacetimeDB 生成绑定类型。
+impl From<module_runtime::PublicWorkInteractionConfigAdminUpsertInput>
+    for PublicWorkInteractionConfigAdminUpsertInput
+{
+    fn from(input: module_runtime::PublicWorkInteractionConfigAdminUpsertInput) -> Self {
+        Self {
+            public_work_interactions_json: input.public_work_interactions_json,
+        }
+    }
+}
+
 impl From<module_runtime::AdminWorkVisibilityListInput> for AdminWorkVisibilityListInput {
     fn from(input: module_runtime::AdminWorkVisibilityListInput) -> Self {
         Self {
@@ -323,6 +334,7 @@ pub(crate) fn build_creation_entry_config_record_from_rows(
                 })
                 .collect(),
             updated_at_micros: header.updated_at.to_micros_since_unix_epoch(),
+            public_work_interactions_json: header.public_work_interactions_json,
         },
     )
 }
@@ -376,6 +388,7 @@ fn map_creation_entry_config_snapshot(
             })
             .collect(),
         updated_at_micros: snapshot.updated_at_micros,
+        public_work_interactions_json: snapshot.public_work_interactions_json,
     }
 }
 
@@ -432,6 +445,7 @@ mod tests {
             event_starts_at_text: None,
             event_ends_at_text: None,
             event_banners_json: None,
+            public_work_interactions_json: None,
         }
     }
 
@@ -514,6 +528,7 @@ mod tests {
                 unified_creation_spec_json: None,
             }],
             updated_at_micros: 1_000_000,
+            public_work_interactions_json: None,
         });
 
         let jump_hop = record
diff --git a/server-rs/crates/spacetime-client/src/module_bindings.rs b/server-rs/crates/spacetime-client/src/module_bindings.rs
index d2ac5477..cb53cae4 100644
--- a/server-rs/crates/spacetime-client/src/module_bindings.rs
+++ b/server-rs/crates/spacetime-client/src/module_bindings.rs
@@ -591,6 +591,7 @@ pub mod public_work_detail_entry_table;
 pub mod public_work_detail_entry_type;
 pub mod public_work_gallery_entry_table;
 pub mod public_work_gallery_entry_type;
+pub mod public_work_interaction_config_admin_upsert_input_type;
 pub mod public_work_like_table;
 pub mod public_work_like_type;
 pub mod public_work_play_daily_stat_table;
@@ -1022,6 +1023,7 @@ pub mod upsert_custom_world_profile_reducer;
 pub mod upsert_npc_state_and_return_procedure;
 pub mod upsert_npc_state_reducer;
 pub mod upsert_platform_browse_history_and_return_procedure;
+pub mod upsert_public_work_interaction_config_procedure;
 pub mod upsert_runtime_setting_and_return_procedure;
 pub mod upsert_runtime_snapshot_and_return_procedure;
 pub mod upsert_visual_novel_run_snapshot_procedure;
@@ -1697,6 +1699,7 @@ pub use public_work_detail_entry_table::*;
 pub use public_work_detail_entry_type::PublicWorkDetailEntry;
 pub use public_work_gallery_entry_table::*;
 pub use public_work_gallery_entry_type::PublicWorkGalleryEntry;
+pub use public_work_interaction_config_admin_upsert_input_type::PublicWorkInteractionConfigAdminUpsertInput;
 pub use public_work_like_table::*;
 pub use public_work_like_type::PublicWorkLike;
 pub use public_work_play_daily_stat_table::*;
@@ -2128,6 +2131,7 @@ pub use upsert_custom_world_profile_reducer::upsert_custom_world_profile;
 pub use upsert_npc_state_and_return_procedure::upsert_npc_state_and_return;
 pub use upsert_npc_state_reducer::upsert_npc_state;
 pub use upsert_platform_browse_history_and_return_procedure::upsert_platform_browse_history_and_return;
+pub use upsert_public_work_interaction_config_procedure::upsert_public_work_interaction_config;
 pub use upsert_runtime_setting_and_return_procedure::upsert_runtime_setting_and_return;
 pub use upsert_runtime_snapshot_and_return_procedure::upsert_runtime_snapshot_and_return;
 pub use upsert_visual_novel_run_snapshot_procedure::upsert_visual_novel_run_snapshot;
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_snapshot_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_snapshot_type.rs
index 5c4c173f..572fbc6e 100644
--- a/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_snapshot_type.rs
+++ b/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_snapshot_type.rs
@@ -19,6 +19,7 @@ pub struct CreationEntryConfigSnapshot {
     pub event_banners_json: Option<String>,
     pub creation_types: Vec<CreationEntryTypeSnapshot>,
     pub updated_at_micros: i64,
+    pub public_work_interactions_json: Option<String>,
 }
 
 impl __sdk::InModule for CreationEntryConfigSnapshot {
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_type.rs
index 301d2afb..7bcaf5ec 100644
--- a/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_type.rs
+++ b/server-rs/crates/spacetime-client/src/module_bindings/creation_entry_config_type.rs
@@ -22,6 +22,7 @@ pub struct CreationEntryConfig {
     pub event_starts_at_text: Option<String>,
     pub event_ends_at_text: Option<String>,
     pub event_banners_json: Option<String>,
+    pub public_work_interactions_json: Option<String>,
 }
 
 impl __sdk::InModule for CreationEntryConfig {
@@ -47,6 +48,8 @@ pub struct CreationEntryConfigCols {
     pub event_starts_at_text: __sdk::__query_builder::Col<CreationEntryConfig, Option<String>>,
     pub event_ends_at_text: __sdk::__query_builder::Col<CreationEntryConfig, Option<String>>,
     pub event_banners_json: __sdk::__query_builder::Col<CreationEntryConfig, Option<String>>,
+    pub public_work_interactions_json:
+        __sdk::__query_builder::Col<CreationEntryConfig, Option<String>>,
 }
 
 impl __sdk::__query_builder::HasCols for CreationEntryConfig {
@@ -77,6 +80,10 @@ impl __sdk::__query_builder::HasCols for CreationEntryConfig {
             ),
             event_ends_at_text: __sdk::__query_builder::Col::new(table_name, "event_ends_at_text"),
             event_banners_json: __sdk::__query_builder::Col::new(table_name, "event_banners_json"),
+            public_work_interactions_json: __sdk::__query_builder::Col::new(
+                table_name,
+                "public_work_interactions_json",
+            ),
         }
     }
 }
diff --git a/server-rs/crates/spacetime-client/src/runtime.rs b/server-rs/crates/spacetime-client/src/runtime.rs
index db2e0e73..4ef8de57 100644
--- a/server-rs/crates/spacetime-client/src/runtime.rs
+++ b/server-rs/crates/spacetime-client/src/runtime.rs
@@ -115,6 +115,34 @@ impl SpacetimeClient {
         Ok(config)
     }
 
+    /// 调用 SpacetimeDB procedure 保存公开作品互动配置并刷新缓存。
+    pub async fn upsert_public_work_interaction_config(
+        &self,
+        input: module_runtime::PublicWorkInteractionConfigAdminUpsertInput,
+    ) -> Result<CreationEntryConfigRecord, SpacetimeClientError> {
+        let procedure_input: PublicWorkInteractionConfigAdminUpsertInput = input.into();
+        let config = self
+            .call_after_connect(
+                "upsert_public_work_interaction_config",
+                move |connection, sender| {
+                    connection
+                        .procedures()
+                        .upsert_public_work_interaction_config_then(
+                            procedure_input,
+                            move |_, result| {
+                                let mapped = result
+                                    .map_err(SpacetimeClientError::from_sdk_error)
+                                    .and_then(map_creation_entry_config_procedure_result);
+                                send_once(&sender, mapped);
+                            },
+                        );
+                },
+            )
+            .await?;
+        self.cache_creation_entry_config(config.clone()).await;
+        Ok(config)
+    }
+
     pub async fn admin_list_work_visibility(
         &self,
         admin_user_id: String,
diff --git a/server-rs/crates/spacetime-module/src/migration.rs b/server-rs/crates/spacetime-module/src/migration.rs
index 3ffb61c3..6f249e3b 100644
--- a/server-rs/crates/spacetime-module/src/migration.rs
+++ b/server-rs/crates/spacetime-module/src/migration.rs
@@ -1193,6 +1193,9 @@ fn normalize_migration_row(table_name: &str, value: &serde_json::Value) -> serde
             object
                 .entry("event_banners_json".to_string())
                 .or_insert(serde_json::Value::Null);
+            object
+                .entry("public_work_interactions_json".to_string())
+                .or_insert(serde_json::Value::Null);
         }
     }
     if table_name == "creation_entry_type_config" {
diff --git a/server-rs/crates/spacetime-module/src/runtime/creation_entry_config.rs b/server-rs/crates/spacetime-module/src/runtime/creation_entry_config.rs
index 232fc1e3..260f4994 100644
--- a/server-rs/crates/spacetime-module/src/runtime/creation_entry_config.rs
+++ b/server-rs/crates/spacetime-module/src/runtime/creation_entry_config.rs
@@ -26,6 +26,9 @@ pub struct CreationEntryConfig {
     /// 底部加号创作入口页的多 banner JSON 配置，旧单条字段仅用于兼容。
     #[default(None::<String>)]
     pub(crate) event_banners_json: Option<String>,
+    /// 公开作品点赞 / 改造能力配置，旧库为空时由读取层按默认矩阵兜底。
+    #[default(None::<String>)]
+    pub(crate) public_work_interactions_json: Option<String>,
 }
 
 #[spacetimedb::table(
@@ -109,6 +112,26 @@ pub fn upsert_creation_entry_event_banners_config(
     }
 }
 
+#[spacetimedb::procedure]
+/// 后台保存公开作品点赞 / 改造能力配置的过程入口。
+pub fn upsert_public_work_interaction_config(
+    ctx: &mut ProcedureContext,
+    input: PublicWorkInteractionConfigAdminUpsertInput,
+) -> CreationEntryConfigProcedureResult {
+    match ctx.try_with_tx(|tx| upsert_public_work_interaction_config_in_tx(tx, input.clone())) {
+        Ok(record) => CreationEntryConfigProcedureResult {
+            ok: true,
+            record: Some(record),
+            error_message: None,
+        },
+        Err(message) => CreationEntryConfigProcedureResult {
+            ok: false,
+            record: None,
+            error_message: Some(message),
+        },
+    }
+}
+
 fn upsert_creation_entry_type_config_in_tx(
     ctx: &ReducerContext,
     input: CreationEntryTypeAdminUpsertInput,
@@ -171,6 +194,33 @@ fn upsert_creation_entry_event_banners_config_in_tx(
     get_or_seed_creation_entry_config_snapshot(ctx)
 }
 
+/// 在事务内归一化公开作品互动配置 JSON 并更新全局入口配置表头。
+fn upsert_public_work_interaction_config_in_tx(
+    ctx: &ReducerContext,
+    input: PublicWorkInteractionConfigAdminUpsertInput,
+) -> Result<CreationEntryConfigSnapshot, String> {
+    seed_creation_entry_config_if_missing(ctx);
+    let now = ctx.timestamp;
+    let config_id = CREATION_ENTRY_CONFIG_GLOBAL_ID.to_string();
+    let Some(header) = ctx.db.creation_entry_config().config_id().find(&config_id) else {
+        return Err("创作入口配置初始化失败".to_string());
+    };
+    let public_work_interactions_json =
+        module_runtime::normalize_public_work_interaction_config_json(
+            &input.public_work_interactions_json,
+        )?;
+
+    ctx.db
+        .creation_entry_config()
+        .config_id()
+        .update(CreationEntryConfig {
+            updated_at: now,
+            public_work_interactions_json: Some(public_work_interactions_json),
+            ..header
+        });
+    get_or_seed_creation_entry_config_snapshot(ctx)
+}
+
 fn get_or_seed_creation_entry_config_snapshot(
     ctx: &ReducerContext,
 ) -> Result<CreationEntryConfigSnapshot, String> {
@@ -247,6 +297,7 @@ fn get_or_seed_creation_entry_config_snapshot(
         event_banners_json: header.event_banners_json,
         creation_types,
         updated_at_micros: header.updated_at.to_micros_since_unix_epoch(),
+        public_work_interactions_json: header.public_work_interactions_json,
     })
 }
 
@@ -276,6 +327,9 @@ fn seed_creation_entry_config_if_missing(ctx: &ReducerContext) {
             event_starts_at_text: Some(DEFAULT_CREATION_ENTRY_EVENT_STARTS_AT_TEXT.to_string()),
             event_ends_at_text: Some(DEFAULT_CREATION_ENTRY_EVENT_ENDS_AT_TEXT.to_string()),
             event_banners_json: Some(module_runtime::default_creation_entry_event_banners_json()),
+            public_work_interactions_json: Some(
+                module_runtime::default_public_work_interaction_config_json(),
+            ),
         });
     }
 
diff --git a/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx b/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
index 2ebd27d1..9c1f65b1 100644
--- a/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
+++ b/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
@@ -372,9 +372,7 @@ import {
   type CreationWorkShelfItem,
   isPersistedBarkBattleDraftGenerating,
 } from '../custom-world-home/creationWorkShelf';
-import {
-  selectAdjacentPlatformRecommendEntry,
-} from '../rpg-entry/rpgEntryPublicGalleryViewModel';
+import { selectAdjacentPlatformRecommendEntry } from '../rpg-entry/rpgEntryPublicGalleryViewModel';
 import {
   isBigFishGalleryEntry,
   isEdutainmentGalleryEntry,
@@ -1194,7 +1192,9 @@ const PuzzleClearResultView = lazy(async () => {
 });
 
 const PuzzleClearRuntimeShell = lazy(async () => {
-  const module = await import('../puzzle-clear-runtime/PuzzleClearRuntimeShell');
+  const module = await import(
+    '../puzzle-clear-runtime/PuzzleClearRuntimeShell'
+  );
   return {
     default: module.PuzzleClearRuntimeShell,
   };
@@ -1712,6 +1712,10 @@ export function PlatformEntryFlowShellImpl({
     const entries = creationEntryConfig?.creationTypes ?? [];
     return new Map(entries.map((entry) => [entry.id, entry]));
   }, [creationEntryConfig]);
+  const publicWorkInteractions = useMemo(
+    () => creationEntryConfig?.publicWorkInteractions ?? [],
+    [creationEntryConfig],
+  );
   const getUnifiedSpec = useCallback(
     (playId: UnifiedCreationPlayId) =>
       getUnifiedCreationSpec(playId, unifiedCreationConfigById.get(playId)),
@@ -2900,8 +2904,10 @@ export function PlatformEntryFlowShellImpl({
       woodenFishGalleryEntries,
     ],
   );
-  const { featuredEntries: featuredGalleryEntries, latestEntries: latestGalleryEntries } =
-    publicGalleryFeeds;
+  const {
+    featuredEntries: featuredGalleryEntries,
+    latestEntries: latestGalleryEntries,
+  } = publicGalleryFeeds;
   const recommendRuntimeEntries = useMemo(
     () =>
       buildPlatformRecommendedEntries({
@@ -3084,23 +3090,22 @@ export function PlatformEntryFlowShellImpl({
   ]);
 
   useEffect(() => {
-    const progressTickDecision =
-      resolvePlatformGenerationProgressTickDecision({
-        selectionStage,
-        miniGameStates: {
-          puzzle: puzzleGenerationState,
-          match3d: match3dGenerationState,
-          'big-fish': bigFishGenerationState,
-          'square-hole': squareHoleGenerationState,
-          'jump-hop': jumpHopGenerationState,
-          'wooden-fish': woodenFishGenerationState,
-          'baby-object-match': babyObjectMatchGenerationState,
-        },
-        visualNovel: {
-          startedAtMs: visualNovelGenerationStartedAtMs,
-          phase: visualNovelGenerationPhase,
-        },
-      });
+    const progressTickDecision = resolvePlatformGenerationProgressTickDecision({
+      selectionStage,
+      miniGameStates: {
+        puzzle: puzzleGenerationState,
+        match3d: match3dGenerationState,
+        'big-fish': bigFishGenerationState,
+        'square-hole': squareHoleGenerationState,
+        'jump-hop': jumpHopGenerationState,
+        'wooden-fish': woodenFishGenerationState,
+        'baby-object-match': babyObjectMatchGenerationState,
+      },
+      visualNovel: {
+        startedAtMs: visualNovelGenerationStartedAtMs,
+        phase: visualNovelGenerationPhase,
+      },
+    });
 
     if (!progressTickDecision.shouldTick) {
       return undefined;
@@ -3603,7 +3608,11 @@ export function PlatformEntryFlowShellImpl({
       markPendingDraftFailed('match3d', session.sessionId);
       markDraftFailed(
         'match3d',
-        [session.draft?.profileId, session.publishedProfileId, session.sessionId],
+        [
+          session.draft?.profileId,
+          session.publishedProfileId,
+          session.sessionId,
+        ],
         errorMessage,
       );
       try {
@@ -3885,7 +3894,11 @@ export function PlatformEntryFlowShellImpl({
         markPendingDraftFailed('square-hole', session.sessionId);
         markDraftFailed(
           'square-hole',
-          [session.draft?.profileId, session.publishedProfileId, session.sessionId],
+          [
+            session.draft?.profileId,
+            session.publishedProfileId,
+            session.sessionId,
+          ],
           errorMessage,
         );
         void refreshSquareHoleShelf().catch(() => undefined);
@@ -3965,15 +3978,18 @@ export function PlatformEntryFlowShellImpl({
         if (!isPuzzleCompileActionReady(response.session)) {
           const nextPayload =
             formPayload ?? buildPuzzleFormPayloadFromSession(response.session);
-          const fallbackGenerationState = createPuzzleDraftGenerationStateFromPayload(
-            nextPayload,
-            response.session,
-          );
-          const nextGenerationState = mergePuzzleSessionProgressIntoGenerationState(
-            puzzleGenerationState ?? fallbackGenerationState,
-            response.session,
-          );
-          activePuzzleGenerationSessionIdRef.current = response.session.sessionId;
+          const fallbackGenerationState =
+            createPuzzleDraftGenerationStateFromPayload(
+              nextPayload,
+              response.session,
+            );
+          const nextGenerationState =
+            mergePuzzleSessionProgressIntoGenerationState(
+              puzzleGenerationState ?? fallbackGenerationState,
+              response.session,
+            );
+          activePuzzleGenerationSessionIdRef.current =
+            response.session.sessionId;
           setSelectionStage('puzzle-generating');
           markDraftGenerating('puzzle', [
             response.session.sessionId,
@@ -7726,8 +7742,7 @@ export function PlatformEntryFlowShellImpl({
             ...current.filter(
               (item) =>
                 item.workId !== response.work!.summary.workId &&
-                item.sourceSessionId !==
-                  response.work!.summary.sourceSessionId,
+                item.sourceSessionId !== response.work!.summary.sourceSessionId,
             ),
           ]);
           markPendingDraftReady(
@@ -7849,7 +7864,8 @@ export function PlatformEntryFlowShellImpl({
           workTitle: puzzleClearSession.draft?.workTitle,
           workDescription: puzzleClearSession.draft?.workDescription,
           themePrompt: puzzleClearSession.draft?.themePrompt,
-          boardBackgroundPrompt: puzzleClearSession.draft?.boardBackgroundPrompt,
+          boardBackgroundPrompt:
+            puzzleClearSession.draft?.boardBackgroundPrompt,
           generateBoardBackground:
             puzzleClearSession.draft?.generateBoardBackground,
           boardBackgroundAsset: puzzleClearSession.draft?.boardBackgroundAsset,
@@ -7874,11 +7890,9 @@ export function PlatformEntryFlowShellImpl({
       );
       setPuzzleClearError(errorMessage);
       setPuzzleClearGenerationState(
-        resolveFinishedMiniGameDraftGenerationState(
-          generationState,
-          'failed',
-          { error: errorMessage },
-        ),
+        resolveFinishedMiniGameDraftGenerationState(generationState, 'failed', {
+          error: errorMessage,
+        }),
       );
     } finally {
       setIsPuzzleClearBusy(false);
@@ -7905,7 +7919,9 @@ export function PlatformEntryFlowShellImpl({
       setPuzzleClearWork(response.item);
       setPuzzleClearWorks((current) => [
         response.item.summary,
-        ...current.filter((item) => item.workId !== response.item.summary.workId),
+        ...current.filter(
+          (item) => item.workId !== response.item.summary.workId,
+        ),
       ]);
       void refreshPuzzleClearShelf();
       void refreshPuzzleClearGallery();
@@ -7918,7 +7934,9 @@ export function PlatformEntryFlowShellImpl({
       setPublicWorkDetailError(null);
       selectionStageRef.current = 'work-detail';
       setSelectionStage('work-detail');
-      pushAppHistoryPath(buildPublicWorkStagePath('work-detail', publicWorkCode));
+      pushAppHistoryPath(
+        buildPublicWorkStagePath('work-detail', publicWorkCode),
+      );
       openPublishShareModal({
         title: response.item.summary.workTitle || '拼消消',
         publicWorkCode,
@@ -8020,7 +8038,9 @@ export function PlatformEntryFlowShellImpl({
         return;
       }
       setPuzzleClearError(null);
-      setPuzzleClearRun(retryPuzzleClearLocalLevel(puzzleClearRun, puzzleClearWork));
+      setPuzzleClearRun(
+        retryPuzzleClearLocalLevel(puzzleClearRun, puzzleClearWork),
+      );
       return;
     }
 
@@ -10653,7 +10673,10 @@ export function PlatformEntryFlowShellImpl({
         setIsPublicWorkDetailBusy(true);
         setPublicWorkDetailError(null);
 
-        const intent = resolvePlatformPublicWorkLikeIntent(entry);
+        const intent = resolvePlatformPublicWorkLikeIntent(
+          entry,
+          publicWorkInteractions,
+        );
 
         if (intent.type === 'like-big-fish') {
           void likeBigFishGalleryWork(intent.profileId)
@@ -10763,6 +10786,7 @@ export function PlatformEntryFlowShellImpl({
     [
       isPublicWorkDetailBusy,
       platformBootstrap,
+      publicWorkInteractions,
       resolveBigFishErrorMessage,
       resolvePuzzleErrorMessage,
       runProtectedAction,
@@ -11049,7 +11073,8 @@ export function PlatformEntryFlowShellImpl({
         notices: draftGenerationNotices,
         generation: {
           activeSessionId: jumpHopSession?.sessionId,
-          hasActiveGenerationFailure: jumpHopGenerationState?.phase === 'failed',
+          hasActiveGenerationFailure:
+            jumpHopGenerationState?.phase === 'failed',
         },
       });
       markDraftNoticeSeen(openIntent.noticeKeys);
@@ -11133,7 +11158,9 @@ export function PlatformEntryFlowShellImpl({
       try {
         const detail = await puzzleClearClient.getRuntimeWorkDetail(profileId);
         setPuzzleClearWork(detail.item);
-        openPublicWorkDetail(mapPuzzleClearWorkToPlatformGalleryCard(detail.item));
+        openPublicWorkDetail(
+          mapPuzzleClearWorkToPlatformGalleryCard(detail.item),
+        );
       } catch (error) {
         setPublicWorkDetailError(
           resolveRpgCreationErrorMessage(error, '读取拼消消详情失败。'),
@@ -11435,8 +11462,7 @@ export function PlatformEntryFlowShellImpl({
         notices: draftGenerationNotices,
         generation: {
           activeSessionId: puzzleSession?.sessionId,
-          hasActiveGenerationFailure:
-            activeGenerationState?.phase === 'failed',
+          hasActiveGenerationFailure: activeGenerationState?.phase === 'failed',
           hasActiveGenerationRunning: isMiniGameDraftGenerating(
             activeGenerationState ?? null,
           ),
@@ -11483,9 +11509,8 @@ export function PlatformEntryFlowShellImpl({
         const failedError = backgroundTask?.error ?? openIntent.errorMessage;
         if (!failedSession) {
           try {
-            const { session: latestSession } = await getPuzzleAgentSession(
-              sourceSessionId,
-            );
+            const { session: latestSession } =
+              await getPuzzleAgentSession(sourceSessionId);
             failedSession = latestSession;
             failedPayload = buildPuzzleFormPayloadFromSession(latestSession);
           } catch {
@@ -11568,9 +11593,8 @@ export function PlatformEntryFlowShellImpl({
 
       if (openIntent.type === 'restore-generating') {
         try {
-          const { session: latestSession } = await getPuzzleAgentSession(
-            sourceSessionId,
-          );
+          const { session: latestSession } =
+            await getPuzzleAgentSession(sourceSessionId);
           const payload = buildPuzzleFormPayloadFromSession(latestSession);
           const startedAtMs = resolveMiniGameDraftGenerationStartedAtMs(
             latestSession.updatedAt,
@@ -11619,9 +11643,7 @@ export function PlatformEntryFlowShellImpl({
 
       markDraftNoticeSeen(noticeKeys);
 
-      const restoredSession = await puzzleFlow.restoreDraft(
-        sourceSessionId,
-      );
+      const restoredSession = await puzzleFlow.restoreDraft(sourceSessionId);
       if (!restoredSession) {
         await refreshPuzzleShelf().catch(() => undefined);
         return;
@@ -11669,8 +11691,7 @@ export function PlatformEntryFlowShellImpl({
         forceDraft: options.forceDraft,
         generation: {
           activeSessionId: match3dSession?.sessionId,
-          hasActiveGenerationFailure:
-            activeGenerationState?.phase === 'failed',
+          hasActiveGenerationFailure: activeGenerationState?.phase === 'failed',
           hasActiveGenerationRunning: isMiniGameDraftGenerating(
             activeGenerationState ?? null,
           ),
@@ -11865,9 +11886,7 @@ export function PlatformEntryFlowShellImpl({
 
       markDraftNoticeSeen(noticeKeys);
 
-      const restoredSession = await match3dFlow.restoreDraft(
-        sourceSessionId,
-      );
+      const restoredSession = await match3dFlow.restoreDraft(sourceSessionId);
       if (!restoredSession) {
         await refreshMatch3DShelf().catch(() => undefined);
         return;
@@ -13316,8 +13335,7 @@ export function PlatformEntryFlowShellImpl({
     activeRecommendEntryKey && !isDesktopLayout
       ? (recommendRuntimeEntries.find(
           (entry) =>
-            getPlatformPublicGalleryEntryKey(entry) ===
-            activeRecommendEntryKey,
+            getPlatformPublicGalleryEntryKey(entry) === activeRecommendEntryKey,
         ) ?? null)
       : null;
   const isActiveRecommendRuntimeReady =
@@ -13333,7 +13351,8 @@ export function PlatformEntryFlowShellImpl({
       hasVisualNovelRun: Boolean(visualNovelRun),
       hasWoodenFishRun: Boolean(woodenFishRun),
       puzzleRunEntryProfileId: puzzleRun?.entryProfileId ?? null,
-      puzzleRunCurrentLevelProfileId: puzzleRun?.currentLevel?.profileId ?? null,
+      puzzleRunCurrentLevelProfileId:
+        puzzleRun?.currentLevel?.profileId ?? null,
     });
 
   useEffect(() => {
@@ -13407,7 +13426,10 @@ export function PlatformEntryFlowShellImpl({
         setIsPublicWorkDetailBusy(true);
         setPublicWorkDetailError(null);
 
-        const intent = resolvePlatformPublicWorkRemixIntent(entry);
+        const intent = resolvePlatformPublicWorkRemixIntent(
+          entry,
+          publicWorkInteractions,
+        );
 
         if (intent.type === 'remix-big-fish') {
           void remixBigFishGalleryWork(intent.profileId)
@@ -13482,6 +13504,7 @@ export function PlatformEntryFlowShellImpl({
       isPublicWorkDetailBusy,
       platformBootstrap,
       puzzleFlow,
+      publicWorkInteractions,
       resetRecommendRuntimeSelection,
       resolveBigFishErrorMessage,
       resolvePuzzleErrorMessage,
@@ -13698,10 +13721,7 @@ export function PlatformEntryFlowShellImpl({
           const detailEntry = mapPuzzleClearWorkToPlatformGalleryCard(entry);
           return (
             canExposePublicWork(detailEntry) &&
-            isSamePuzzleClearPublicWorkCode(
-              normalizedKeyword,
-              entry.profileId,
-            )
+            isSamePuzzleClearPublicWorkCode(normalizedKeyword, entry.profileId)
           );
         });
 
@@ -14126,7 +14146,9 @@ export function PlatformEntryFlowShellImpl({
         jumpHopItems: isJumpHopCreationVisible ? jumpHopShelfItems : [],
         woodenFishItems: woodenFishShelfItems,
         match3dItems: match3dShelfItems,
-        squareHoleItems: isSquareHoleCreationVisible ? squareHoleShelfItems : [],
+        squareHoleItems: isSquareHoleCreationVisible
+          ? squareHoleShelfItems
+          : [],
         puzzleItems: puzzleShelfItems,
         babyObjectMatchItems: isBabyObjectMatchVisible
           ? babyObjectMatchDrafts
@@ -14358,7 +14380,7 @@ export function PlatformEntryFlowShellImpl({
                 puzzleShelfError ??
                 puzzleError ??
                 (isVisualNovelCreationOpen ? visualNovelError : null) ??
-              babyObjectMatchError ??
+                babyObjectMatchError ??
                 puzzleClearError ??
                 barkBattleError)
           }
@@ -15766,7 +15788,9 @@ export function PlatformEntryFlowShellImpl({
                 profile={jumpHopWork}
                 isBusy={isJumpHopBusy}
                 error={jumpHopError}
-                runtimeRequestOptions={jumpHopRuntimeRequestOptions ?? undefined}
+                runtimeRequestOptions={
+                  jumpHopRuntimeRequestOptions ?? undefined
+                }
                 onBack={() => {
                   setSelectionStage(jumpHopRuntimeReturnStage);
                 }}
@@ -16226,7 +16250,9 @@ export function PlatformEntryFlowShellImpl({
               <UnifiedCreationPage
                 spec={getUnifiedSpec('visual-novel')}
                 onBack={leaveVisualNovelFlow}
-                isBackDisabled={isVisualNovelBusy || isVisualNovelStreamingReply}
+                isBackDisabled={
+                  isVisualNovelBusy || isVisualNovelStreamingReply
+                }
               >
                 <VisualNovelAgentWorkspace
                   session={visualNovelSession}
diff --git a/src/components/platform-entry/platformPublicWorkDetailFlow.test.ts b/src/components/platform-entry/platformPublicWorkDetailFlow.test.ts
index 7600ad22..a4628e17 100644
--- a/src/components/platform-entry/platformPublicWorkDetailFlow.test.ts
+++ b/src/components/platform-entry/platformPublicWorkDetailFlow.test.ts
@@ -899,6 +899,23 @@ test('platform public work detail flow resolves like intent', () => {
   });
 });
 
+test('platform public work detail flow respects configured like disable', () => {
+  expect(
+    resolvePlatformPublicWorkLikeIntent(buildTypedEntry('puzzle'), [
+      {
+        sourceType: 'puzzle',
+        likeEnabled: false,
+        remixEnabled: true,
+        likeDisabledMessage: '拼图点赞维护中。',
+        remixDisabledMessage: '拼图改造维护中。',
+      },
+    ]),
+  ).toEqual({
+    type: 'unsupported',
+    errorMessage: '拼图点赞维护中。',
+  });
+});
+
 test('platform public work detail flow resolves remix intent', () => {
   expect(
     resolvePlatformPublicWorkRemixIntent(buildTypedEntry('big-fish')),
@@ -969,13 +986,31 @@ test('platform public work detail flow resolves remix intent', () => {
   });
 });
 
+test('platform public work detail flow respects configured remix disable', () => {
+  expect(
+    resolvePlatformPublicWorkRemixIntent(buildRpgEntry(), [
+      {
+        sourceType: 'custom-world',
+        likeEnabled: true,
+        remixEnabled: false,
+        likeDisabledMessage: 'RPG 点赞维护中。',
+        remixDisabledMessage: 'RPG 改造维护中。',
+      },
+    ]),
+  ).toEqual({
+    type: 'unsupported',
+    errorMessage: 'RPG 改造维护中。',
+  });
+});
+
 test('platform public work detail flow resolves edit intent for draft-backed works', () => {
   const bigFishEntry = buildTypedEntry('big-fish');
-  expect(resolvePlatformPublicWorkEditIntent(bigFishEntry, buildEditIntentDeps()))
-    .toEqual({
-      type: 'edit-big-fish',
-      work: mapPublicWorkDetailToBigFishWork(bigFishEntry),
-    });
+  expect(
+    resolvePlatformPublicWorkEditIntent(bigFishEntry, buildEditIntentDeps()),
+  ).toEqual({
+    type: 'edit-big-fish',
+    work: mapPublicWorkDetailToBigFishWork(bigFishEntry),
+  });
 
   const selectedPuzzleDetail = buildPuzzleWork({
     profileId: 'puzzle-profile',
@@ -1153,7 +1188,10 @@ test('platform public work detail flow resolves edit intent for unsupported and
 
   const edutainmentEntry = buildTypedEntry('edutainment');
   expect(
-    resolvePlatformPublicWorkEditIntent(edutainmentEntry, buildEditIntentDeps()),
+    resolvePlatformPublicWorkEditIntent(
+      edutainmentEntry,
+      buildEditIntentDeps(),
+    ),
   ).toEqual({
     type: 'resolve-edutainment-draft',
     entry: edutainmentEntry,
diff --git a/src/components/platform-entry/platformPublicWorkDetailFlow.ts b/src/components/platform-entry/platformPublicWorkDetailFlow.ts
index 909e8038..1058cc7e 100644
--- a/src/components/platform-entry/platformPublicWorkDetailFlow.ts
+++ b/src/components/platform-entry/platformPublicWorkDetailFlow.ts
@@ -97,6 +97,14 @@ export type PlatformPublicWorkDetailOpenStrategy =
 
 export type PlatformPublicWorkActionMode = 'edit' | 'remix';
 
+export type PlatformPublicWorkInteractionConfig = {
+  sourceType: string;
+  likeEnabled: boolean;
+  remixEnabled: boolean;
+  likeDisabledMessage: string;
+  remixDisabledMessage: string;
+};
+
 export type PlatformPublicWorkLikeIntent =
   | {
       type: 'like-big-fish';
@@ -678,9 +686,55 @@ export function resolvePlatformPublicWorkActionMode(
     : 'remix';
 }
 
+export function getPlatformPublicWorkInteractionSourceType(
+  entry: PlatformPublicGalleryCard,
+) {
+  return 'sourceType' in entry ? entry.sourceType : 'custom-world';
+}
+
+function resolveConfiguredPublicWorkInteractionBlock(
+  entry: PlatformPublicGalleryCard,
+  configs: readonly PlatformPublicWorkInteractionConfig[] | null | undefined,
+  action: 'like' | 'remix',
+): PlatformPublicWorkLikeIntent | PlatformPublicWorkRemixIntent | null {
+  const sourceType = getPlatformPublicWorkInteractionSourceType(entry);
+  const config = configs?.find((item) => item.sourceType === sourceType);
+  if (!config) {
+    return null;
+  }
+
+  if (action === 'like' && !config.likeEnabled) {
+    return {
+      type: 'unsupported',
+      errorMessage:
+        config.likeDisabledMessage.trim() || '该作品类型暂不支持点赞。',
+    };
+  }
+
+  if (action === 'remix' && !config.remixEnabled) {
+    return {
+      type: 'unsupported',
+      errorMessage:
+        config.remixDisabledMessage.trim() || '该作品类型暂不支持改造。',
+    };
+  }
+
+  return null;
+}
+
 export function resolvePlatformPublicWorkLikeIntent(
   entry: PlatformPublicGalleryCard,
+  configs?: readonly PlatformPublicWorkInteractionConfig[] | null,
 ): PlatformPublicWorkLikeIntent {
+  const configuredBlock = resolveConfiguredPublicWorkInteractionBlock(
+    entry,
+    configs,
+    'like',
+  );
+  if (configuredBlock) {
+    return configuredBlock as PlatformPublicWorkLikeIntent;
+  }
+
   if (isBigFishGalleryEntry(entry)) {
     return {
       type: 'like-big-fish',
@@ -760,7 +814,17 @@ export function resolvePlatformPublicWorkLikeIntent(
 
 export function resolvePlatformPublicWorkRemixIntent(
   entry: PlatformPublicGalleryCard,
+  configs?: readonly PlatformPublicWorkInteractionConfig[] | null,
 ): PlatformPublicWorkRemixIntent {
+  const configuredBlock = resolveConfiguredPublicWorkInteractionBlock(
+    entry,
+    configs,
+    'remix',
+  );
+  if (configuredBlock) {
+    return configuredBlock as PlatformPublicWorkRemixIntent;
+  }
+
   if (isBigFishGalleryEntry(entry)) {
     return {
       type: 'remix-big-fish',
@@ -933,8 +997,9 @@ export function resolvePlatformPublicWorkEditIntent(
 
   if (isVisualNovelGalleryEntry(entry)) {
     const work =
-      deps.visualNovelWorks?.find((item) => item.profileId === entry.profileId) ??
-      null;
+      deps.visualNovelWorks?.find(
+        (item) => item.profileId === entry.profileId,
+      ) ?? null;
     if (!work) {
       return {
         type: 'blocked',
diff --git a/src/services/apiClient.test.ts b/src/services/apiClient.test.ts
index 51d11e0e..9f657156 100644
--- a/src/services/apiClient.test.ts
+++ b/src/services/apiClient.test.ts
@@ -81,7 +81,6 @@ describe('apiClient', () => {
           body: JSON.stringify({
             ok: true,
             data: {
-              ok: true,
               token: 'fresh-token',
             },
             error: null,
@@ -156,7 +155,6 @@ describe('apiClient', () => {
           body: JSON.stringify({
             ok: true,
             data: {
-              ok: true,
               token: 'fresh-token',
             },
             error: null,
@@ -334,6 +332,64 @@ describe('apiClient', () => {
     expect(getStoredAccessToken()).toBe('usable-local-token');
   });
 
+  it('keeps local token when refresh fails with transient server unavailable', async () => {
+    setStoredAccessToken('usable-local-token', { emit: false });
+    fetchMock.mockResolvedValueOnce(createResponseMock({ status: 503 }));
+
+    await expect(refreshStoredAccessToken()).rejects.toMatchObject({
+      status: 503,
+    });
+
+    expect(fetchMock).toHaveBeenCalledWith(
+      '/api/auth/refresh',
+      expect.objectContaining({
+        method: 'POST',
+        credentials: 'same-origin',
+      }),
+    );
+    expect(dispatchEventMock).not.toHaveBeenCalled();
+    expect(getStoredAccessToken()).toBe('usable-local-token');
+  });
+
+  it('keeps local token when refresh cannot reach the restarting server', async () => {
+    setStoredAccessToken('usable-local-token', { emit: false });
+    fetchMock.mockRejectedValueOnce(new TypeError('Failed to fetch'));
+
+    await expect(refreshStoredAccessToken()).rejects.toBeInstanceOf(TypeError);
+
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(dispatchEventMock).not.toHaveBeenCalled();
+    expect(getStoredAccessToken()).toBe('usable-local-token');
+  });
+
+  it('clears local token when refresh confirms the session is unauthorized', async () => {
+    setStoredAccessToken('expired-local-token', { emit: false });
+    fetchMock.mockResolvedValueOnce(createResponseMock({ status: 401 }));
+
+    await expect(refreshStoredAccessToken()).rejects.toMatchObject({
+      status: 401,
+    });
+
+    expect(dispatchEventMock).not.toHaveBeenCalled();
+    expect(getStoredAccessToken()).toBe('');
+  });
+
+  it('does not clear auth when protected request refresh fails transiently', async () => {
+    setStoredAccessToken('expired-token-during-restart', { emit: false });
+    fetchMock
+      .mockResolvedValueOnce(createResponseMock({ status: 401 }))
+      .mockResolvedValueOnce(createResponseMock({ status: 503 }));
+
+    const response = await fetchWithApiAuth('/api/runtime/protected', {
+      method: 'GET',
+    });
+
+    expect(response.status).toBe(401);
+    expect(fetchMock).toHaveBeenCalledTimes(2);
+    expect(dispatchEventMock).not.toHaveBeenCalled();
+    expect(getStoredAccessToken()).toBe('expired-token-during-restart');
+  });
+
   it('keeps the refreshed token when the retried protected request is still unauthorized', async () => {
     setStoredAccessToken('expired-token', { emit: false });
     fetchMock
@@ -344,7 +400,6 @@ describe('apiClient', () => {
           body: JSON.stringify({
             ok: true,
             data: {
-              ok: true,
               token: 'fresh-token',
             },
             error: null,
@@ -366,7 +421,7 @@ describe('apiClient', () => {
     expect(dispatchEventMock).not.toHaveBeenCalled();
   });
 
-  it('rejects refresh responses that do not return a renewed bearer token', async () => {
+  it('rejects malformed refresh responses without treating them as logout', async () => {
     setStoredAccessToken('expired-token', { emit: false });
     fetchMock
       .mockResolvedValueOnce(createResponseMock({ status: 401 }))
@@ -397,8 +452,8 @@ describe('apiClient', () => {
       message: '读取受保护数据失败',
     });
     expect(fetchMock).toHaveBeenCalledTimes(2);
-    expect(getStoredAccessToken()).toBe('');
-    expect(dispatchEventMock).toHaveBeenCalledTimes(1);
+    expect(getStoredAccessToken()).toBe('expired-token');
+    expect(dispatchEventMock).not.toHaveBeenCalled();
   });
 
   it('keeps the current access token when a public request explicitly skips auth', async () => {
diff --git a/src/services/apiClient.ts b/src/services/apiClient.ts
index a3eecde0..7d106555 100644
--- a/src/services/apiClient.ts
+++ b/src/services/apiClient.ts
@@ -497,6 +497,13 @@ function withAuthorizationHeaders(
 
 let refreshAccessTokenPromise: Promise<string> | null = null;
 
+function shouldClearAuthAfterRefreshFailure(error: unknown) {
+  return (
+    error instanceof ApiClientError &&
+    (error.status === 401 || error.status === 403)
+  );
+}
+
 async function refreshAccessToken() {
   if (refreshAccessTokenPromise) {
     return refreshAccessTokenPromise;
@@ -522,11 +529,11 @@ async function refreshAccessToken() {
         )
       : null;
 
-    if (payload?.ok !== true || !payload.token?.trim()) {
+    const nextToken = payload?.token?.trim();
+    if (!nextToken) {
       throw new Error('刷新登录状态失败');
     }
 
-    const nextToken = payload.token.trim();
     setStoredAccessToken(nextToken, { emit: false });
     return nextToken;
   })();
@@ -556,7 +563,10 @@ export async function refreshStoredAccessToken(
   try {
     return await refreshAccessToken();
   } catch (error) {
-    if (options.clearOnFailure !== false) {
+    if (
+      options.clearOnFailure !== false &&
+      shouldClearAuthAfterRefreshFailure(error)
+    ) {
       clearStoredAccessToken({ emit: false });
     }
     throw error;
@@ -629,11 +639,15 @@ export async function fetchWithApiAuth(
           // 不能把当前业务请求的首次 401 直接放大成全局鉴权变更，
           // 否则像 Puzzle works 这类受保护列表会把单接口失败放大成整个平台重复 hydrate。
           continue;
-        } catch {
-          if (hasAuthHeader && authFailurePolicy.clearAuthOnUnauthorized) {
+        } catch (refreshError) {
+          const shouldClearAuth =
+            hasAuthHeader &&
+            authFailurePolicy.clearAuthOnUnauthorized &&
+            shouldClearAuthAfterRefreshFailure(refreshError);
+          if (shouldClearAuth) {
             clearStoredAccessToken({ emit: false });
           }
-          if (authFailurePolicy.notifyAuthStateChange) {
+          if (shouldClearAuth && authFailurePolicy.notifyAuthStateChange) {
             emitAuthStateChange();
           }
         }
diff --git a/src/services/creationEntryConfigService.ts b/src/services/creationEntryConfigService.ts
index 15ed0315..195c0298 100644
--- a/src/services/creationEntryConfigService.ts
+++ b/src/services/creationEntryConfigService.ts
@@ -51,6 +51,15 @@ export type CreationEntryEventBannerConfig = {
   htmlCode?: string | null;
 };
 
+/** 公开作品详情页互动能力配置，前端只据此关闭已接入动作。 */
+export type PublicWorkInteractionConfig = {
+  sourceType: string;
+  likeEnabled: boolean;
+  remixEnabled: boolean;
+  likeDisabledMessage: string;
+  remixDisabledMessage: string;
+};
+
 /** 创作入口页完整配置；前端只展示后端事实源，不内置入口默认值。 */
 export type CreationEntryConfig = {
   startCard: {
@@ -67,6 +76,8 @@ export type CreationEntryConfig = {
   eventBanner: CreationEntryEventBannerConfig;
   /** 底部加号创作入口页的多公告轮播配置。 */
   eventBanners?: CreationEntryEventBannerConfig[];
+  /** 公开作品详情页点赞 / 改造能力矩阵。 */
+  publicWorkInteractions?: PublicWorkInteractionConfig[];
   creationTypes: CreationEntryTypeConfig[];
 };
 

From 7dd53e95d84fd3d8716dda1f7fb8e39ee878f066 Mon Sep 17 00:00:00 2001
From: kdletters <kdletters@qq.com>
Date: Wed, 10 Jun 2026 22:00:19 +0800
Subject: [PATCH 5/9] =?UTF-8?q?=E7=BB=9F=E4=B8=80=E6=8E=A8=E8=8D=90?=
 =?UTF-8?q?=E9=A1=B5=E6=B8=B8=E5=AE=A2=E8=BF=90=E8=A1=8C=E6=80=81=E4=B8=8E?=
 =?UTF-8?q?=E5=88=87=E6=8D=A2=E9=98=9F=E5=88=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

统一推荐页各玩法正式 runtime 的游客鉴权透传。

收口推荐页首页展示队列和嵌入运行态切换队列。

补齐未登录读档、签名资产和个人数据读取的游客态处理。

新增运行态 HUD 小尺寸 logo 资源并更新拼图与抓鹅展示。

补充推荐切换、runtime guest 启动和客户端请求回归测试。

更新玩法链路、后端契约和团队记忆文档。
---
 .hermes/shared-memory/decision-log.md         |   4 +-
 .hermes/shared-memory/pitfalls.md             |   1 +
 ...�】server-rs与SpacetimeDB数据契约-2026-05-15.md |   3 +
 ...�玩法创作】平台入口与玩法链路-2026-05-15.md |   7 +-
 media/logo-runtime-hud.webp                   | Bin 0 -> 6530 bytes
 .../crates/api-server/src/bark_battle.rs      |  24 +-
 server-rs/crates/api-server/src/big_fish.rs   |  25 +-
 server-rs/crates/api-server/src/match3d.rs    |   2 +-
 .../crates/api-server/src/match3d/handlers.rs |  30 +-
 .../api-server/src/modules/bark_battle.rs     |  14 +-
 .../crates/api-server/src/modules/big_fish.rs |  12 +-
 .../crates/api-server/src/modules/match3d.rs  |  14 +-
 .../api-server/src/modules/square_hole.rs     |  14 +-
 .../api-server/src/modules/visual_novel.rs    |  16 +-
 .../crates/api-server/src/square_hole.rs      |  32 +-
 .../crates/api-server/src/visual_novel.rs     |  28 +-
 ...eraction_config_admin_upsert_input_type.rs |  15 +
 ...ublic_work_interaction_config_procedure.rs |  62 +++
 .../jump-hop-runtime/JumpHopRuntimeShell.tsx  |   2 +-
 .../match3d-runtime/Match3DRuntimeShell.tsx   |   2 +-
 .../PlatformEntryFlowShellImpl.tsx            | 425 ++++++++++------
 .../PuzzleRuntimeShell.test.tsx               |   2 +-
 .../puzzle-runtime/PuzzleRuntimeShell.tsx     |   2 +-
 ...gEntryFlowShell.agent.interaction.test.tsx | 158 ++++++
 .../rpgEntryPublicGalleryViewModel.test.ts    |  21 +
 .../rpgEntryPublicGalleryViewModel.ts         |   8 +-
 .../WoodenFishRuntimeShell.tsx                |   2 +-
 .../bark-battle/ui/BarkBattleRuntimeShell.tsx |  64 ++-
 .../big-fish-runtime/bigFishRuntimeClient.ts  |   6 +-
 src/services/jump-hop/jumpHopClient.test.ts   |  10 +
 src/services/jump-hop/jumpHopClient.ts        |  10 +
 .../match3dRuntimeAdapter.test.ts             |  61 ++-
 .../match3d-runtime/match3dRuntimeAdapter.ts  |  32 +-
 .../match3d-runtime/match3dRuntimeClient.ts   |  22 +-
 .../puzzleRuntimeClient.test.ts               |  10 +-
 .../puzzle-runtime/puzzleRuntimeClient.ts     |  63 +--
 .../recommendedRuntimeGuestLaunch.test.ts     | 469 +++++++++++++++++-
 .../squareHoleRuntimeClient.ts                |  22 +-
 .../visualNovelRuntimeClient.ts               |  14 +-
 .../wooden-fish/woodenFishClient.test.ts      |  24 +
 src/services/wooden-fish/woodenFishClient.ts  |  16 +-
 41 files changed, 1372 insertions(+), 376 deletions(-)
 create mode 100644 media/logo-runtime-hud.webp
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/public_work_interaction_config_admin_upsert_input_type.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/upsert_public_work_interaction_config_procedure.rs

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index 3c36b390..2044455f 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -279,7 +279,7 @@
 - 背景：Match3D、SquareHole、Puzzle、Jump Hop 等 runtime client 重复手写 path segment 编码、JSON header / body、runtime guest token、auth options 和 retry options，新增玩法容易遗漏同一请求骨架。
 - 决策：新增 `src/services/runtimeRequest.ts`，以 `buildRuntimeApiPath` 统一 runtime path 编码，以 `requestRuntimeJson` 统一 JSON 请求、runtime guest auth 和 retry 合并。Match3D 与 SquareHole runtime client 已先迁移，保留原导出函数名、错误文案、返回契约和重试常量。
 - 追加决策：Big Fish 与 Bark Battle runtime client 也迁入 `runtimeRequest.ts`；玩法专属 payload 归一化（如 Bark Battle start / finish 自动补 `workId`、`runId`）仍留在各玩法 client，通用 Module 只承接请求骨架。
-- 追加决策：Puzzle 的 start / get / swap / drag / next-level / leaderboard 与 Jump Hop 的 start / jump / restart 也迁入 `runtimeRequest.ts`；Puzzle `pause` 与 `props` 仍保留原账号态 auth options，不直接接入 runtime guest auth。
+- 追加决策：Puzzle 的 start / get / swap / drag / next-level / leaderboard / pause / props 与 Jump Hop 的 start / jump / restart 也迁入 `runtimeRequest.ts`；只要调用方传入 Runtime Guest Token，所有正式 runtime 请求都统一带局部 Authorization、`skipAuth` 与 `skipRefresh`。
 - 追加决策：Wooden Fish 的 start / checkpoint / finish 与 Visual Novel 的 gallery / run / history / regenerate JSON 请求也迁入 `runtimeRequest.ts`；Wooden Fish 的 `clientEventId` 生成仍留在木鱼 client，Visual Novel start 因 `timeoutMs`、SSE 因流式 `fetchWithApiAuth` 仍暂留原实现。
 - 影响范围：`src/services/runtimeRequest.ts`、Match3D / SquareHole / Big Fish / Bark Battle / Puzzle / Jump Hop / Wooden Fish / Visual Novel runtime client。
 - 验证方式：`npm run test -- src/services/runtimeRequest.test.ts src/services/recommendedRuntimeGuestLaunch.test.ts src/services/match3d-runtime/match3dRuntimeAdapter.test.ts`、`npm run typecheck`、`npm run check:encoding`、相关文件 ESLint 通过。
@@ -428,7 +428,7 @@
 ## 2026-05-25 抓大鹅运行态 HUD 收敛为拼图同款低遮挡样式
 
 - 背景：抓大鹅游玩阶段 UI 需要继续对齐拼图运行态的观感，同时移除右上角设置入口、灰白半透底板和显眼锅壳，让棋盘区域更专注。
-- 决策：抓大鹅运行态只保留左上透明返回按钮，右上不再显示设置入口；顶部关卡名和倒计时直接复用拼图同款的铭牌 + 下挂计时牌结构、同色板、同造型和 `media/logo.png` 产品 logo；底部备选栏和道具图标保持交互边界但不再显示灰白半透底；中央容器图层可以视觉隐藏，但棋盘命中边界和既有交互逻辑保留。
+- 决策：抓大鹅运行态只保留左上透明返回按钮，右上不再显示设置入口；顶部关卡名和倒计时直接复用拼图同款的铭牌 + 下挂计时牌结构、同色板、同造型和 `media/logo-runtime-hud.webp` 产品 logo 小图；底部备选栏和道具图标保持交互边界但不再显示灰白半透底；中央容器图层可以视觉隐藏，但棋盘命中边界和既有交互逻辑保留。
 - 影响范围：`src/components/match3d-runtime/Match3DRuntimeShell.tsx`、`src/components/match3d-runtime/Match3DRuntimeShell.test.tsx`、`src/index.css`、抓大鹅玩法链路文档。
 - 验证方式：运行态页面不再渲染“打开抓大鹅设置”，顶部仍显示关卡名和倒计时，底部槽位和道具按钮 class 中不含旧白底视觉；相关测试通过后保持该口径。
 - 关联文档：`docs/【玩法创作】平台入口与玩法链路-2026-05-15.md`。
diff --git a/.hermes/shared-memory/pitfalls.md b/.hermes/shared-memory/pitfalls.md
index cef625e0..a1b78cf4 100644
--- a/.hermes/shared-memory/pitfalls.md
+++ b/.hermes/shared-memory/pitfalls.md
@@ -1149,6 +1149,7 @@
 - 追加处理：generated 私有图片换签 `/api/assets/read-url` 也属于展示层后台请求；推荐页拼图运行态挂载后会立即解析封面图，若换签 401 触发全局鉴权事件，也会表现成“进入拼图作品后瞬间未登录”。资源换签失败只应让当前图片为空，不应清 token、广播 auth 事件或主动 refresh。
 - 追加处理：从推荐页点进公开拼图作品并启动完整运行态后，`startPuzzleRun`、通关自动 `submitPuzzleLeaderboard`、下一关 `advancePuzzleNextLevel` 和重开同样属于当前玩法局部同步；这些请求失败时只应留在拼图错误态，不应清 token 或广播 auth 事件。
 - 追加处理：通关后 `refreshSaveArchives()`、首屏 bootstrap 的个人看板/作品架/浏览历史读写也只是平台投影刷新，失败应显示局部错误，不能充当全局登录态判定。
+- 追加处理：未登录推荐页启动任一公开正式玩法时，`/api/runtime/*` 局内路由必须使用 `RuntimePrincipal`，前端通过 `PlatformEntryFlowShellImpl` 的统一 request options helper 给 start / checkpoint / finish / input / drop / click / restart / time-up / leaderboard / next-level 等动作透传 runtime guest token；公开 runtime detail 读取如跳一跳、敲木鱼必须显式 `skipAuth/skipRefresh`，匿名推荐流不能补读受保护创作详情，否则会在真正开局前打出 `/api/auth/refresh 401`。
 - 验证：`npm run test -- src/services/apiClient.test.ts src/services/assetReadUrlService.test.ts`、`npm run test -- src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx -t "home recommendation starts embedded puzzle"`、`npm run test -- src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx -t "formal puzzle runtime uses frontend move merge logic and backend leaderboard"`、`npm run test -- src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx -t "formal puzzle similar work keeps current run level progression"`。
 - 关联：`src/services/apiClient.ts`、`src/services/assetReadUrlService.ts`、`src/services/puzzle-runtime/puzzleRuntimeClient.ts`、`src/components/platform-entry/PlatformEntryFlowShellImpl.tsx`、`docs/technical/RECOMMEND_RUNTIME_AUTH_FAILURE_ISOLATION_FIX_2026-05-09.md`。
 
diff --git a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
index 816b4a32..82249ceb 100644
--- a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
+++ b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
@@ -125,11 +125,14 @@ npm run check:server-rs-ddd
 
 `/api/runtime/puzzle/runs*` 当前接受 `RuntimePrincipal`，可同时识别登录用户 Bearer 和 runtime guest token。推荐页嵌入运行态的正式开局、交换、拖拽、下一关、暂停、道具与排行榜请求，应由前端在登录态下继续携带账号 access token；匿名游客仅在确认为未登录时走 runtime guest token。不要再把拼图 runtime 当成只认普通 Bearer 的纯账号接口。
 
+公开正式 runtime 的启动与局内同步动作统一接受 `RuntimePrincipal`，包括拼图、拼消消、跳一跳、敲木鱼、抓大鹅 Match3D、方洞挑战、视觉小说、大鱼吃小鱼和汪汪声浪。登录用户仍使用账号 Bearer；未登录推荐页或公开运行态使用 Runtime Guest Token，后端以 `principal.subject()` 作为本局 owner / player subject，并用 `WorkPlayTrackingDraft::runtime_principal(...)` 记录游玩。创作、个人作品、删除、发布、Remix、点赞等账号或所有权动作不得改成 runtime guest 鉴权。
+
 抓大鹅 Match3D `api-server` 内部拆分：
 
 - `server-rs/crates/api-server/src/modules/match3d.rs` 继续负责路由装配和 body limit；对外 handler 名称保持不变。
 - `server-rs/crates/api-server/src/match3d.rs` 只作为聚合入口，保留共享 import / 常量 / 内部类型、模块声明和 handler re-export。
 - `server-rs/crates/api-server/src/match3d/handlers.rs` 承接 Axum handler，负责 extract、鉴权上下文、调用 SpacetimeDB facade / 编排 helper，并返回 HTTP 响应。
+- `/api/runtime/match3d/works/{profile_id}/runs`、`/api/runtime/match3d/runs/{run_id}`、`/click`、`/stop`、`/restart` 与 `/time-up` 属于正式运行态局部请求，必须接受 `RuntimePrincipal`；登录用户使用账号 Bearer，推荐页匿名游客使用 runtime guest token，后端以 principal subject 作为本局 owner，不得退回只认普通 Bearer 的路由。
 - `server-rs/crates/api-server/src/match3d/draft.rs` 承接 Agent session、草稿编译、题材 / 难度 / 物品计划和草稿持久化编排。
 - `server-rs/crates/api-server/src/match3d/works.rs` 承接作品 CRUD、封面 / 背景 / 容器资产生成入口、发布 / Remix / 点赞 / 游玩记录和作品级 helper。
 - `server-rs/crates/api-server/src/match3d/item_assets.rs` 承接物品生成批次编排、append / replace / delete / sort / merge、计费外层和草稿素材映射；sheet prompt、绿幕 / 近白底透明化、切图和切片持久化复用 `generated_asset_sheets` 通用模块。
diff --git a/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md b/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
index 00e3bf72..790b0d31 100644
--- a/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
+++ b/docs/【玩法创作】平台入口与玩法链路-2026-05-15.md
@@ -146,12 +146,13 @@ RPG / 拼图等运行态存档仍以 `/api/profile/save-archives` 的后端列
 - 拼图试玩和正式运行态刷新恢复不复用创作私有 query。进入 `/runtime/puzzle` 时必须写入 `runtimeProfileId`、草稿 `runtimeSessionId`、可选 `runtimeLevelId`、公开作品 `work` 和 `mode=draft|published`；进入运行态的导航顺序必须先切到 `/runtime/puzzle`，再写这些 runtime query，避免被阶段导航清掉后刷新停在“正在进入拼图关卡”。
 - 结果页生成关卡图时若关卡名为空，前端必须传 `shouldAutoNameLevel=true`，后端复用首关命名契约先按画面描述生成关卡名，再在图片生成后用视觉命名结果精修，并把生成名和 UI 背景提示词随本次关卡快照写回。
 - 拼图运行态背景优先读取当前关卡 `levelBackgroundImageSrc/levelBackgroundImageObjectKey`，旧数据才兼容 `uiBackgroundImageSrc/uiBackgroundImageObjectKey`；本地试玩、直达指定关卡和正式 `next-level` 推进时，目标关卡缺关卡背景时必须继承同作品首个可用关卡背景，仍缺失时才沿用当前运行态快照背景或默认 UI。运行态按钮视觉优先读取当前关卡 `uiSpritesheetImageSrc/uiSpritesheetImageObjectKey`，先按透明 alpha 自动边界检测识别 spritesheet 中的独立按钮展示矩形，再按原图位置从左到右、从上到下映射到返回、设置、下一关、提示、原图、冻结；同一组件还要按较高 alpha 阈值派生紧致点击热区，透明留白和柔边低 alpha 区域尽量不响应点击。检测失败时回退旧固定六格裁切，缺失时才用现有图标按钮兜底。有 spritesheet 时，返回、设置和下一关的点击容器只提供透明点击区，不再叠加默认白色圆形底、胶囊主按钮底或额外文字；下一关按钮在通关弹窗和底部入口中都直接使用 spritesheet 裁切出的 next 素材作为按钮本体。底部提示、原图、冻结三枚素材按检测矩形的原始宽高比显示，不能强行拉伸成正圆或铺满整列。底部道具区不再使用连片胶囊背景，提示、原图、冻结三个按钮均匀分布；运行态只展示按钮素材本身，不额外叠加“提示 / 原图 / 冻结”文字。
-- 推荐页本身不是登录门禁入口，未登录用户点击底部或侧边栏的推荐 Tab 应直接进入嵌入运行态，不主动打开登录弹窗。推荐页嵌入运行态必须按真实身份分流：已登录用户或本地已有 access token 时，启动拼图和后续排行榜 / 下一关等正式请求继续走账号 Bearer；只有确认为匿名访客时才申请并透传 runtime guest token。`/api/runtime/puzzle/runs*` 后端统一接受 `RuntimePrincipal`，可识别账号用户和匿名 runtime guest；推荐卡片的后台读写请求仍使用 local auth impact，避免单卡 401 清空整站登录态。创作、个人作品、删除、发布、Remix 等账号或所有权动作仍保持普通用户鉴权。
+- 推荐页本身不是登录门禁入口，未登录用户点击底部或侧边栏的推荐 Tab 应直接进入嵌入运行态，不主动打开登录弹窗。推荐页嵌入运行态必须按真实身份分流：已登录用户或本地已有 access token 时，正式 runtime 启动与后续局内动作继续走账号 Bearer；只有确认为匿名访客时才申请并透传 runtime guest token。平台壳统一通过 `buildRecommendRuntimeRequestOptions(...)` 为各玩法的 start / checkpoint / finish / input / drop / click / restart / time-up / leaderboard / next-level 等动作生成局部 request options，不允许每个玩法各写一套匿名分支。后端 `/api/runtime/*` 正式运行态写请求统一接受 `RuntimePrincipal`，可识别账号用户和匿名 runtime guest；推荐卡片的后台读写请求仍使用 local auth impact，避免单卡 401 清空整站登录态。创作、个人作品、删除、发布、Remix 等账号或所有权动作仍保持普通用户鉴权。
+- 推荐页作品队列只能通过 `buildPlatformRecommendFeedEntries(...)` 生成，首页卡片窗口、桌面推荐格、嵌入 runtime 自动启动和上一条 / 下一条切换都必须消费同一队列。不得在首页和 `PlatformEntryFlowShellImpl` 内分别按“最新列表顺序”和“评分推荐顺序”各算一套相邻作品，否则连续切换会出现视觉上跳过作品或回跳。
 - 拼图运行态棋盘不叠加分块蒙版、描边、阴影、选中底色或合并块 SVG 轮廓；拼图片本体需要裁切为圆角形状，单块使用独立圆角裁切，合并块使用 SVG 原生 `clipPath` 裁切整体外轮廓，外凸角和内凹角分别计算半径，内凹角半径要比外凸角更明显以避免手机 WebView 中看起来仍是直角。原图道具只在用户主动确认后打开独立原图查看层，不在当前拼图棋盘上叠加原图。
 - 拼图运行态拖拽必须完全跟随手指或鼠标位置，`pointermove` 期间即时写入可见拼块的 transform，不依赖等待后端回包、React 重渲染或下一帧动画队列；进入拖动后不展示拼块选中态或“已选择”提示，松手后再提交目标格同步规则真相。
 - 拼图运行态的提示、设置等点击弹层跟随当前运行态主色主题，使用普通圆角主题面板，不复用像素九宫格素材框。
 - 拼图运行态壳层自身要补齐 `platform-ui-shell` / `platform-theme` / `platform-theme--light|dark`，不能依赖外层平台壳来提供主题变量；`/puzzle` 直达页和平台内嵌页都必须渲染同一套主题语义类。
-- 拼图运行态顶部关卡信息采用游戏化铭牌样式：橘棕横向关卡名牌承载 `第 N 关` 和关卡名，左侧固定使用 `media/logo.png` 卡通形象；倒计时作为下挂米白小牌独立显示，紧贴铭牌但不遮挡棋盘。该样式只改变运行态 HUD 视觉，不改变计时、暂停、失败同步或关卡推进规则。
+- 拼图运行态顶部关卡信息采用游戏化铭牌样式：橘棕横向关卡名牌承载 `第 N 关` 和关卡名，左侧固定使用 `media/logo-runtime-hud.webp` 卡通形象小图；倒计时作为下挂米白小牌独立显示，紧贴铭牌但不遮挡棋盘。该样式只改变运行态 HUD 视觉，不改变计时、暂停、失败同步或关卡推进规则。
 - 拼图运行态进行中关卡的 `elapsedMs` 仍是结算字段，设置面板的“当前用时”必须按 `startedAtMs`、暂停累计和冻结累计实时派生；不要直接把进行中的 `currentLevel.elapsedMs` 当作展示值。
 - 推荐页嵌入拼图运行态时，通关结算弹层必须挂到页面级 fixed 浮层，不能留在推荐卡片视觉区内的 absolute 覆盖层；推荐页滑动卡片和运行态视口都使用 `overflow: hidden`，半屏内容区会裁剪排行榜、下一关按钮和相似作品卡。
 - 推荐页嵌入拼图运行态时，“下一关”应优先切到相似作品；如果当前推荐候选为空，才回退到同作品下一关，避免匿名推荐流在多关卡作品上持续停留在同一作品内。下一关请求 pending 期间必须保留当前 `PuzzleRuntimeShell` 和棋盘，不得把推荐卡整体切回 `加载中...` 占位态；局部同步状态由拼图运行态自己的 busy 表现承接。后端返回的新关卡属于其它作品时，前端必须同步 `selectedPuzzleDetail`、推荐页 `puzzleGalleryEntries` 缓存和 `activeRecommendEntryKey`，让底部作品信息、分享 / 点赞 / 改造和下一次“下一个”基准都指向新作品。
@@ -304,7 +305,7 @@ RPG / 拼图等运行态存档仍以 `/api/profile/save-archives` 的后端列
 - 难度只决定本局加载的物品种类数量：轻松 3、标准 9、进阶 15、硬核 20。硬核仍保留 21 次消除和 63 件总物品，运行态按 20 种素材循环复用，不要求生成第 21 种素材。
 - 运行态启动前要预加载 `generatedItemAssets[].imageViews[]`、顶层 `generatedBackgroundAsset`、物品挂载 `backgroundAsset` 中的背景、UI spritesheet 和物品 spritesheet；首次生成自动试玩、结果页手动试玩、推荐流和公开详情启动都必须传入提升后的 profile。卡片摘要缺图集字段时，进入运行态前必须补读 work detail。补读后的 profile 也要再次提升 `generatedItemAssets[].backgroundAsset`，确保背景和图集字段传给 `Match3DRuntimeShell`。
 - 背景图作为运行态全屏背景，图内已经保留容器；旧 `containerImage*` 只作为历史透明容器兼容字段。若 `containerImage*` 与 `uiSpritesheetImage*` 同源，运行态不得把 UI spritesheet 当中心容器图叠到棋盘上。
-- 抓大鹅运行态 HUD 需贴近拼图顶部信息条的视觉口径：左上只保留透明返回按钮；右上不再暴露设置入口；顶部关卡名和倒计时直接复用拼图同款的铭牌 + 下挂计时牌结构、同色板和同造型，并在牌面左侧挂上 `media/logo.png` 产品 logo；下方备选栏和道具图标只保留内容与交互边界，不再显示灰白半透底板；中央容器图层视觉可隐藏，但棋盘命中边界仍保留。
+- 抓大鹅运行态 HUD 需贴近拼图顶部信息条的视觉口径：左上只保留透明返回按钮；右上不再暴露设置入口；顶部关卡名和倒计时直接复用拼图同款的铭牌 + 下挂计时牌结构、同色板和同造型，并在牌面左侧挂上 `media/logo-runtime-hud.webp` 产品 logo 小图；下方备选栏和道具图标只保留内容与交互边界，不再显示灰白半透底板；中央容器图层视觉可隐藏，但棋盘命中边界仍保留。
 - generated 私有图换签未完成时，局内物品先隐藏等待，不得短暂显示默认积木；同一批资源在重启 run 时保留已解析签名 URL，只有资源源列表变化或换签失败后才允许进入兜底视觉。
 - `itemSize` 只缩放生成 2D 图片本体：`大`、`中`、`小` 均按相对尺寸缩放，其中 `大` 也比原始图片略小，`中` 和 `小` 进一步缩小；不改变后端下发的布局半径、点击半径或三消规则。
 - 物品进入底部物品栏时按同类型插入：如果物品栏已有同类物品，新物品插到该类型最后一个物品后面，后续物品整体后移；没有同类时追加到当前末尾。达到三件同类时，在飞入物品栏动画结束后，左侧和右侧同类物品向中间合成，三件一起消失，播放合成音效，不展示星星图标，后面的物品再向前补位。该动效只是前端表现层，后端和本地试玩仍负责权威插入、指定点击类型清除与补位后的槽位快照。
diff --git a/media/logo-runtime-hud.webp b/media/logo-runtime-hud.webp
new file mode 100644
index 0000000000000000000000000000000000000000..6f4992f82c4eb084ed1892696bdc3527aa53c5bb
GIT binary patch
literal 6530
zcmV-|8GYtbNk&F`82|uRMM6+kP&il$0000G000300093006|PpNcso>00HntYqx3J
zwr%}6r`-FnZQHhO+qR8q+qTVN+qP{ReU_Bc|InLzNol;z5fKxBkNy9#|Nl?rQc53{
zQcIF507&hbA_4$4MHQH1RsdB>e-r^w=A6HxCa7ZZD_?*4rY|lJKzgDypsfF$+g^S5
zn)y)EQ&4Z=#ND~u78L0N0j4_OCJuNpN_qr)vLj7N-m*I&byAapDUNxV^v>KnZVt&#
z#lLBsSdF}VJ)lier2%_AK&o+K<*(CIFw=|l0Z23QXS1T#Nk@PcE+W-Au<?QMD7g`=
zN9PdL`Rramn^YR=r#_%L2X{_b3N<$k$5MwvD*3w^(I$x^Sn^s@Ib`FWklYA<$ZlwK
z<D=`Mma$iXz20EQVJg3ror?3R!yuIt4hQO36W|-9a(I75O-(_)lQt|G`CUN9R>QRa
zr8!67I^?!smY3<nBaP=w2^mWb3*E(zBWQebT9nLGEcL&UVaIExLmN8{%Ra-7Bk6p1
zLDb9$Hl%Z8JKj7K+E{5==|w6>h-*M{vkPs6*zwjGAY-Fp`Io62VdIv$X*iNPQtWvB
zRH$R2VUg#k9J$@Ib0)hHW5<htI(mW`@27Iam4{~MbECnIKSnJBl~P4ST5C;2q?R&J
zLAi__N8?1a+<akFs5}h~MMMflut<|qDt^X}quB9`)VcX~Xqb51tV^!9-JXXWd(uhA
z9JJfk>n}U|cud@IG?k-sW_CV5IyAnrDCXSo=pSEv&r1_H<nGn`FZ<~U8_j{0KX4xv
z<*C{E)F{#T@OiItU^gAu%sKGO7d=7eC>@=hlc=LZC+Vtc?i{kasj8E7j@JH=%n0@y
zHJUm{(bYK0#_hASHEpyeb?1iJS&RMd)a6k#Q?cNC^nQDNPL#|PO#2kA&x{XGnHvB%
zQTt4J6$(;YaZca;5j8i0@3QN&j-NrxO~bL&K2z=w$&Fw$dY_SNXQyJJ_vroQd}B_O
z+!Tzvm)2j#TT6CO@mFepb^JL5$!$2T&y+`?Wk;|cy|<jU3Tk!=rhkUsSH_1XN68KZ
z|D^U+$6rB^+ae;^gVtBZozR+;v=k8lnB!1qZ`%>G0DwrzNEHCnZ}!z2-(j!6dDZ9F
zn+kx`Y)A#B*zR}FkfisSljLJR-)u6VN+xOr7W@3eBwf|n>#m)XeDKRl15(q_fOY=y
zK56O<(bUNa|5zQ6BnTG#14(rTYD(HK=7FT3VxQMYW4KDbvL|YZui_L^8FELSh8mvW
z0GcysGad;Eu44YT=nUKay+u)D6MT-!z?I*C#8z-AEi&V!DA8RV-4)RZeoT!_`6Ebl
ztD6PpHep57*ii9vYFx^1KoESvl=su3GTt^0B|0>$+nLAY_TGvR#NY5$YD~(r(U8D`
zDIcXpWW1xIWB?7jhve3+4?zwKE~dt#{51qg6s*y?N8@~JA=E6O;y=`Als|_cje^bS
z!MN)hnJAEZXt5Y?MJff~r^eFp>u8y1I5-;RzK~1^Hl@X4+$0<8(PMG0pN-wAu^4yF
zMZ@RV#nSQfXql)uj~a{eV$?)b%=;!i7Uw$)qUNFD^Hc__{4!b^D&~Hb9*y($xlywq
z_#KtuDt``1Lc=yRkH^h6MN2`&Oi$4mu<_ApQFHKDDnnNOF$E2WQ5m%IV6^ZAOTO(M
zmH8WsLV_#6byS9}yd0&()^IA7fh&(g3$0?|x7;Ihe`{gX*#1Uk=*quB0uyZD=CRRi
zJxE*yS5X<f@)Fdr1l!UWzWK(Gs0uEn#-}_7H7LQV>K>o_|5iYa>c><jQ29ehNCmUM
zO3#4vrI}D7YB-F_6dDhNL{xD>7L@0q22?QT8}uAFUz;5z9>GpDCegSZB%<%L%YyQo
z5dk+)vtYa$C7goUU!!Ni`Ql6{(FoR~GY_^BYBUW8QPV)>Zjg9BpNlimq7nQo7vF|N
zQ*jP06Mu}S;L2QFfEv#Yxwrx)8sL^(TpQ8NAMpyV&BYb*R9u>i|Dwk8&s_Wr5{=-;
z)I4<jB3d*JXJ<lrL_C6BX?bvN28pI(C8KA-`TioP(G*PoTpo-MOokE-3NEE)LHSoy
zgxm1xOdO9Ek6;~o5}djsYCHu~K1R=h@xE~=@j&nsY7RPn8-kEFr{}<Z?U)M2-ABuS
z@dgCla0)dChoZ$)G4I<<pz)=dQDTDNH`Mr)--RIPij_ML&;6Z6P@{t257g+CKY$?Y
zipAb_kIns!c~Rp+!`G;>DL;dTzze2(k`|fq(Wy`(L&F}_z+AZ<1hH5AiyD{m_Yj0P
z`*XCYj8Dys8XX#Tq<T!Qz6~1U7kralOdY=gK>`bKDK#SH#X!jbDrSC^7LW3w8BvkL
zhLzr;MPqz@IW%OkVT%vxu^2zx91VGF*rjui#NGBrLna&cqj?-|JQNMNY&eSUQMmIs
z2(l?Sg6=Vx^9V>uM-d!G_Xv!3Fr*-#MR1V2_n*7%3qei=2h)1bjR&G3s|_bn`%ZZh
z8q!(>KcV%T@~4oJ7gUVDlh$X(yCy?LW*fHaH}@^jklKRr57GL|cvnGoE6(XN<zG>=
zQ*c$kU4)XHin-rpk2_zU6(u)<UFkhW=jM>yG#o?iGv)5tsaUpi?XQmS&X1ZKRGdtj
z^^&WRN24OU1v}hD($xFK)kxm72@3LCF>d#B-X!U&=DpyiB>BQ0wl1j1umG6%fImFR
ziA`1AClz;7b&~W4ezEJ!00cQMQUOe}?kRt`_d^b7+Nqhjj}3P>Q&r=DZ{PK&<5n0C
zK%^kgRRjRWEw=5+zqsys<KS+pU8kxxsJjhOCpPEc6P~%|*C%f_Uj+b>f@~LQf&ph-
zZmYw;@XL#Dd;0B;V{*b9Pu+US@4kBU=8I2<0j1S~q?am9Fld=>o@LhCcK;JU_0{kH
z=HHiGdBbh@JpAOd&pr3-Q;*$$$IaJXcJ5z)@$Ju@u=h4=FEQt|7_>-}T9E!yr8OxS
zb{RLtG}BK%!}QZmHCe^5i?k-S;G<<JwTeh<B2r7iFiWXbq%{$#r4)Q5E<?x1{{Ptj
z|IaH{P&go35C8!1P5_+&DgXfh0X{t*jYOg$p%Mv%oFD_lvA1xy=z5J`@ZXM}G#hun
ze`Wo#{+aKsSN_fTlc7qD^9}J&)4$(;T>QB05#|B<yZ)Q|w^)xbAF^M!e(fLbJx2e4
z{}=25{CoW`Sht`r?a!u{?$5$M?uYFM|NoHR*nj`|(Er>&6?{Ga0r>&hG3zgFd3-$2
z++WS`zrZinKj-(pKnLaD)PLlEb@9Q~2OtmCPZeJXzo>t}_5=Q5{j>hRr$_uB=szmG
z$Np*l7yifjUx07q|I@$Pe|`Lf`NZ}u`#<b$`aAdjHIY%Qaw;{BMMkm6sMa|Z8ph!V
zzVbmmlb0#0aL=XRI5^W(X91chp1##-*KhQBo_Cv@N2Cv|{&(5S!Mx_~1p~PnGzVlu
z-{SYol`i?I*Purw4ew{_G4?v@)}=e(b-keJ0H)f!>zE9WZw%jZ<Q_{Rh)Mrp(kF*~
z1|_I-0$;dDYkxJ%BHV$ZPug|BL^I%JM7&<uA+BC%(<(KEy_oY0pk_WH{gTXY;tz=S
zpsp}*5ME=4telJ1UMjf0<GV^yjmK)_ZhYg0APj38?i6n3>iN(VGbV?~MmjhyqJe9t
zB2d)vA>U}Wq;KPvm$wKYpMqKy8U^b+!r4lw#k*0Ivk4zX{I<ZfC~AMPG_P6B8YoBR
zz`sbI`6@QNlK=VE9@{Ei9{Q328E7I!{T!A})Zi)t2L{ET?oIgpTiHpFOV**Ingq>b
zk3>P8Z?0<{#Fyr048_0V|K+bTh|0U*B%;YX=MF@X5hY<&e#8M&`3y}R_m$(har%sQ
zpZ&GnC$)32UnUhU`NNS>ta2(fjzvbX$dCX4{{Nfw000IeFUhxx(rU^N{Uy1xUw?=1
z=}XmnP-jot7HHw*HYSq}=@yrL$m}j;*pR~@Aci<3Ox(^O*wQE47juS$qq-N)0biwE
z@!5VN2l{HH>*tQ+%S46eS2iCt_gkq0H9+Vt3>k_PT&X#Yl6Uv^m8G4T$--R(FF_R0
zmVZ3fK%G>h#7G~}gu)>g;+FsUV2h~XjWqAr*$bT$%KzzH-#Ws!4!oE1ja0@jcllt%
zvQr0$L0cd(g3<@rh}ive)88}z&FJZID1{5bmcqosZ;#*IxLCieaYagZnk<Q*u+!$d
z+dQOP3<^HJpTKPzDHn3wkaGEbQoZ$_$!8WTteW89jbHeuXxZ6sAz9&ibkMOQv*9k~
zD#wnJnrMBDs4a)F`)Tr>XPDJZGH6I-ich%cWE05p+@EcM;0Gcs<58zm7d~;v@syJ_
zh7Zn1hzp6{D_ShPiKtE#;<iECqC|*%zo30k2e-BkeF+ZF*|>(iny1ds<MM41__V8c
z0TeBI6<AI%`PT)q<mJ>jaLs|87hUcyV<i-<fC$O+C)Y7-v;*AgVh~w`VE{;>HhCiv
z;`bGsIR*yolQcJrMHg&Ldq76{7nbe2*ZZuCJWkIRStBFsj&1-^ZsA&G+K(Mk-=C<1
zN7Cl-_WxfP?IO`51Q_utIr~|spyhdx%lj?+igB%>Q!igfw_7>;H$<eFf9!Ivc&X$(
zKzH_n?_-kmn>Qmpc~xq$+wi<qwmr3;GDb2OZ6|`Q`=X3Ziz0?u2+}kTG*X9U*$(Ty
zY78}Nz86;c66JHIDl*$SWxtv?V-Wa}perpXr(u20(O>0KiQRRnqUlT_sZ+S<QUCJ%
z6lpsF@e3?csL3OS)6VOC@0L<CXDfHi+Z@lQLoQ)j)=#F%_Fcd0XWQWdjw@=zxW)m8
z;?q@)M$9`6<xc%)#sn3#QEE?`9XvJ8tyVHHJ!Sc?m5>kpDF#DIF+I>uF)Yee_i=dt
zdF<vAcunlPP8KPs<5s!68OZ5gSS9|Mo%d7lb+*`c2c|e4N+^2k0Ghx$4LMtVXT=^L
z!*u!*r&WxoX%$gLBAVUn#2%h}EZ03xoP>yf6SGYa9C!mpd4T5aQZN2eI%=5^UgT?D
zAQ~eVXT9O&$dn?vh5k}tlR95PAESV;;DuI5EVz5Iw-_(_-AfL;oXamHmwX}|=T(|K
zC0pS3G&qH<0BQ~Yy_;SawG`aiBIHE@5%*RJI&c15)=1*bD%Tjo1Fec9>+<45OZlC`
zJthqx@{HTB(ZBO+2P|py202x>Y^v-fnP3dKA)u3m!&@Z2zLS7W_=+xOx)}t?M4cFb
zSPlN=!A?LPF2$dCuux?ZIW4|i*X&AZ2ChW)({RH%JCfrn@+SfDzSSRUN9EO}3N6P2
z_pq>;+p+$m?WZ)&{4>pZLz4Np%j|+Nnc3q-&Sfh)?fRAiO-cnL%V%~0m|t+D>84#P
zZ+P%;jq1}&uTjqLE9QY0qLqn%Kb&(7bs7;G+VmHSpgqJtS2waJ-L!;AZ4Or$M<~f+
zoOKqcw6b2H%;$Ww`lXdm18|-3d}NRL-8Sw3C4Gr9NBU50VGKSu)CKIozkSKFC^aX$
z$-6}4yM2#ZH)><J>}-aisLhPJ5?X1XGAbyVD`6O{?{ND6d&QrIvZF(1jn^V?kbO$h
z@u#tEKUuZ8JrJK{`{;0dN=+GBk&_a$*40tJURNbN;8|LCT(zt&!MAJ%9qLjPx&|zq
zuNXbReS)`%o>(*dcX%6?_=P;2bUBq|WF7`NEDFex+Kmeve|)JAp~>zwr=MDx89^cp
zxZLS;_k`Vh$7I$W(HO8cZe+4GcwiYb3n0Es%x6i)G(wwx*+5Iw*-<oJt^!9gaf4XW
zMYaa0u{nf%1rG<8kFUr9s0)l$U6Olaau&ol;Q9tD;xkK(B$_E59^EYW^;Wpei9HT8
zgzIQYYwRP)%eHuR@RoW2<{yLDi!!(@54UY~H`LfA>ka=T?-#uJI<Lf5npAk&l}zMi
zNJSwORUR#C$=0)ICx+}_#$c;$x=EG`P<GX318biJe`LrRrc?bgCIVzK(~rd5(1_1^
z0*E4*RfRVK_4jNEwo6EhOeo1E2b?F{`<~Q%iYQM--__X<DG_iE-41w08zJv=?0Sp=
zB@?;94=Xi>OsRFi$Dv3x@KnZ-&&v~XGv-IAP_@OzO9-|ary9RM^UJ{`buu)XzU?QB
z_43lq1@O^z+e_10rjYHIx%K;F>Ui_}8GDssd0hXDAc&mn<i-Hw-8fpG{#=e|<Pf)a
zp3UZQ=ePpFisgaM2%jtYB#K3BT!RbkJ#^d7vwJBu9+5I-Z?246A#vF!YeBiviR<>Y
zHNVjIj6ssv>%mP45KVaIBfE94+f;mp4P!#@+8SZd-i~ciaazJ1eB_<~=X_g>W%h<|
zbF)*5KoGTTUI(Iy5r@QBvsW=7O{eb350}}m<4(P$x4ellGm*oT4n`I~qay?0F1K%b
z(bMVpl2T-1b@Arq&N_LqDeWEYzEk|zq@JagvX*$w^~1w-IbnbNbWk`)U$F5Otdeyn
zB~6r?hhz7x%cH9!D8M}*8@`*lKOCQO`iklphjinLsN9dA>Aw$}E00PreK(j|w=Iyu
z)g8M7?2XMo>As>$#_Y6#y%))3rvS33h<G1~H?%4xdBKy56Qk;+bB-7OH4fN9?<0dR
zM~LYmT(+gHnxn0fK5!s|pN&nAAgcL1wbH0h6ysJ|^oSWbI<86>Bef0qcbAvQ$R_c~
z9JCxJmOw$$(DCYbwI~slf$?k$Xuq8q0DOOOnssLu8Hpx!>0!9xzS~PYrUu@cJr8|o
zA)zi~P2dYs{s7mUVoYqR;UbBBL60_v&VD0IsIH6#8!Qr*Y09z2ky`COxpy0+jXQEI
z_43J2BA_87LJ6%d&DY(@HL7FLiep>v&={MHU5(z<V|Nrhyz~it=E}#TQf2(DoH+7i
zdxxQ-s*bTvAI1=}xzD6zSTA8vlhuaSj9IhT%fRT=f+H;Y5Gx?W>p{HGRDJhhON;i`
z?<=iPZn;JhO~rSuS4OSg&}8j{K7{YjrjlbB%mvS9y}9Spj6{Qt=`ucO0M)i?ZU@Pr
zD{K~>);^m?jD4>iLcSvmhnvAlkQp1f>i>V2yZrwavYSYOt~5H&S&LIB-*0?Lr)<sr
zR+2jcvZq}UX*bq|$`g}vq3%P0SH~SUdd*q3#AO?OkqwYckTpF5-1{gK)~^lnC41s}
zC1@aE{uJl^m_b5K$x}wOVhzobf22R9l^`rA4%*?Fzr8;?JmAZwX4^}8!0(;GnN>`r
z?d`zmzn)86<nq!~Vt9)1mZMJz2JlK2)R2(^kdz1N5XeM|_?YTnRqW6ENTizdBCrZt
zPt4XOvn1vB_276x7EGt2%f@?LE2}5K(&Z{noKW@7O9w301etq>zQ01-|ABTU#g$kL
zHwJrRLfa-)q^n~AepmeA{w><0B))ZTKUXFW*xD}l7l@V4BF;Cl`m{3n4x76vSSaYv
zI|Z7lp!47Zk!$aYZ^wZ1;INecq2bE@4PX;T<5(>d-%>k<?!4ARpMtfA5h33op>W8j
zA`v~E_K{=tK<CDn#u#cLJ8`#_WYl1vpidbITvBM^bz@kJqJ-oryGJGDy#4wUYnE>J
zI$$X2f<9oZO&DqR(+%+@yeG+`Z?rU)i=t+vGOMy>1p24}%~cTQoR&G>+>2PqJB%K*
z-(6>LZ!=Y-6%`T?DF3~S7|Rrx0^;MOIaI*#1lZv<7^@^*PP1zL`(83%6D-yYXs-E3
zs?p3#=-B0H&T|0-hg0IXl0ES;P)oF7j;NNDKi9xc1iijTcodXMRCTrIAl-BUJi*N<
zVT2}CpJuJOmhN&329~4w0gK^j!>h<d%4j@=BY4S*Q!>|}6dE%%MW<3?T>211><63%
zh8dCaPUEsMc-U|wT0#3Iq@4)dOsUUIS1!2R_=~K6<S+g|`q}^dH>&WU_>y1zPBz+=
zNW_qOj<7w;fSKW88Gj#M>xlSnQY??EX&ey^!lAE5tU0<LPeA2n?>m3gv87`6*!7K;
zH2FsH3}Heam_+b8t=+|!a4%r+)Q{};SBBW$kIvUhuq-HOte(%#)Xb%3H+IDjA@!3E
zv_*5L$ctWxy2?Uk@^IEn7%`q|vu=?DcUKy3;UyU)oYmgmdT23+95E<x=n3bZ#e%9m
zNt8v?=xc}kS+xlX#CO*hvkckEpb(jB#ZEyo=I*M+tJQV|&kM-DS?{*PX}I=KkqRyP
zynId(;r};2ckk7xxywAaPdS%Y<UJpno-R?)XY$Y*=(l=IG{691T-g!p(KrzSvQ266
zO-=<FtEd6$R1!{y9iV~Dxv44=ir~q+m@|d;sz4bVl7{(FdFV=@>5l?n*EtOub9m^1
zzLcAoFn!qdPA(8!AP!OaWzs_+WZu2#)8;+D8^*}EnFp%6Rccp_Jt9KU@$e&20{h^M
z%+<6JiPg~%iJ>^ZIym*_Le=V`!E>m7<nI(9%2z4owg5A7wAth;EKGKNJ=r*7lFO={
zx|f!D(*y=@3Q9aO`8eYpQYR1lm!sgeBu_Zi5Jknbbgr!L`LwqCJ1@e~E!UzE*>tn-
ozr;MyrlCs0e*`gGxoh8+EtZVqoC(vST-Yf30ssI20000006I6;ga7~l

literal 0
HcmV?d00001

diff --git a/server-rs/crates/api-server/src/bark_battle.rs b/server-rs/crates/api-server/src/bark_battle.rs
index 8e54b0a6..fa33c9ee 100644
--- a/server-rs/crates/api-server/src/bark_battle.rs
+++ b/server-rs/crates/api-server/src/bark_battle.rs
@@ -37,7 +37,7 @@ use time::{Duration as TimeDuration, OffsetDateTime};
 use crate::{
     api_response::json_success_body,
     asset_billing::execute_billable_asset_operation_with_cost,
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
     generated_image_assets::{
         GeneratedImageAssetAdapter, GeneratedImageAssetDataUrl,
         adapter::{GeneratedImageAssetAdapterMetadata, GeneratedImageAssetPersistInput},
@@ -506,13 +506,13 @@ pub async fn get_bark_battle_runtime_config(
     State(state): State<AppState>,
     Path(work_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, &work_id, "workId")?;
 
     let config = state
         .spacetime_client()
-        .get_bark_battle_runtime_config(work_id, Some(authenticated.claims().user_id().to_string()))
+        .get_bark_battle_runtime_config(work_id, Some(principal.subject().to_string()))
         .await
         .map_err(|error| {
             bark_battle_error_response(&request_context, map_bark_battle_client_error(error))
@@ -526,7 +526,7 @@ pub async fn start_bark_battle_run(
     State(state): State<AppState>,
     Path(work_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<BarkBattleRunStartRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let maybe_payload = payload.ok().map(|Json(payload)| payload);
@@ -543,7 +543,7 @@ pub async fn start_bark_battle_run(
     };
     ensure_non_empty(&request_context, &work_id, "workId")?;
 
-    let owner_user_id = authenticated.claims().user_id().to_string();
+    let owner_user_id = principal.subject().to_string();
     let runtime_config = state
         .spacetime_client()
         .get_bark_battle_runtime_config(work_id.clone(), Some(owner_user_id.clone()))
@@ -593,12 +593,13 @@ pub async fn start_bark_battle_run(
     record_work_play_start_after_success(
         &state,
         &request_context,
-        WorkPlayTrackingDraft::new(
+        WorkPlayTrackingDraft::runtime_principal(
             BARK_BATTLE_PLAY_TYPE_ID,
             work_id.clone(),
-            &authenticated,
+            &principal,
             "/api/runtime/bark-battle/...",
         )
+        .owner_user_id(owner_user_id.clone())
         .extra(json!({
             "runId": run_snapshot.run_id,
             "workId": work_id,
@@ -607,6 +608,7 @@ pub async fn start_bark_battle_run(
             "difficultyPreset": runtime_config.difficulty_preset,
             "sourceRoute": request.source_route,
             "clientRuntimeVersion": request.client_runtime_version,
+            "principalKind": principal.kind().as_str(),
         })),
     )
     .await;
@@ -638,12 +640,12 @@ pub async fn get_bark_battle_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, &run_id, "runId")?;
     let run = state
         .spacetime_client()
-        .get_bark_battle_run(run_id, authenticated.claims().user_id().to_string())
+        .get_bark_battle_run(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             bark_battle_error_response(&request_context, map_bark_battle_client_error(error))
@@ -657,7 +659,7 @@ pub async fn finish_bark_battle_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<BarkBattleRunFinishRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = bark_battle_json(payload, &request_context)?;
@@ -698,7 +700,7 @@ pub async fn finish_bark_battle_run(
         .finish_bark_battle_run(BarkBattleRunFinishRecordInput {
             run_id,
             run_token: payload.run_token,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             work_id: payload.work_id.clone(),
             config_version: u64::from(payload.config_version),
             ruleset_version: payload.ruleset_version.clone(),
diff --git a/server-rs/crates/api-server/src/big_fish.rs b/server-rs/crates/api-server/src/big_fish.rs
index b45dfb2e..1fc8636a 100644
--- a/server-rs/crates/api-server/src/big_fish.rs
+++ b/server-rs/crates/api-server/src/big_fish.rs
@@ -63,7 +63,7 @@ use crate::{
     },
     api_response::json_success_body,
     asset_billing::execute_billable_asset_operation,
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
     character_visual_assets::try_apply_background_alpha_to_png,
     http_error::AppError,
     platform_errors::map_oss_error,
@@ -224,7 +224,7 @@ pub async fn record_big_fish_play(
     State(state): State<AppState>,
     Path(session_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<RecordBigFishPlayRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = payload.map_err(|error| {
@@ -242,7 +242,7 @@ pub async fn record_big_fish_play(
         .spacetime_client()
         .record_big_fish_play(BigFishPlayReportRecordInput {
             session_id: session_id.clone(),
-            user_id: authenticated.claims().user_id().to_string(),
+            user_id: principal.subject().to_string(),
             elapsed_ms: payload.elapsed_ms.unwrap_or(0),
             reported_at_micros: current_utc_micros(),
         })
@@ -254,13 +254,14 @@ pub async fn record_big_fish_play(
     record_work_play_start_after_success(
         &state,
         &request_context,
-        WorkPlayTrackingDraft::new(
+        WorkPlayTrackingDraft::runtime_principal(
             "big-fish",
             session_id.clone(),
-            &authenticated,
+            &principal,
             "/api/runtime/big-fish/sessions/{session_id}/play",
         )
-        .run_id(session_id.clone()),
+        .run_id(session_id.clone())
+        .owner_user_id(principal.subject().to_string()),
     )
     .await;
 
@@ -279,7 +280,7 @@ pub async fn start_big_fish_run(
     State(state): State<AppState>,
     Path(session_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, &session_id, "sessionId")?;
 
@@ -288,7 +289,7 @@ pub async fn start_big_fish_run(
         .start_big_fish_run(BigFishRunStartRecordInput {
             run_id: build_prefixed_uuid_id("big-fish-run-"),
             session_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             started_at_micros: current_utc_micros(),
         })
         .await
@@ -339,13 +340,13 @@ pub async fn get_big_fish_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, &run_id, "runId")?;
 
     let run = state
         .spacetime_client()
-        .get_big_fish_run(run_id, authenticated.claims().user_id().to_string())
+        .get_big_fish_run(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             big_fish_error_response(&request_context, map_big_fish_client_error(error))
@@ -363,7 +364,7 @@ pub async fn submit_big_fish_input(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<SubmitBigFishInputRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = payload.map_err(|error| {
@@ -384,7 +385,7 @@ pub async fn submit_big_fish_input(
         .spacetime_client()
         .submit_big_fish_input(BigFishInputSubmitRecordInput {
             run_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             x: payload.x,
             y: payload.y,
             submitted_at_micros: current_utc_micros(),
diff --git a/server-rs/crates/api-server/src/match3d.rs b/server-rs/crates/api-server/src/match3d.rs
index 5517c6bd..1513d3ee 100644
--- a/server-rs/crates/api-server/src/match3d.rs
+++ b/server-rs/crates/api-server/src/match3d.rs
@@ -69,7 +69,7 @@ use crate::{
         execute_billable_asset_operation_with_cost, map_asset_operation_wallet_error,
         should_skip_asset_operation_billing_for_connectivity,
     },
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
     config::AppConfig,
     generated_asset_sheets::apply_generated_asset_sheet_green_screen_alpha,
     http_error::AppError,
diff --git a/server-rs/crates/api-server/src/match3d/handlers.rs b/server-rs/crates/api-server/src/match3d/handlers.rs
index 6d41626f..6eed1281 100644
--- a/server-rs/crates/api-server/src/match3d/handlers.rs
+++ b/server-rs/crates/api-server/src/match3d/handlers.rs
@@ -1171,7 +1171,7 @@ pub async fn start_match3d_run(
     State(state): State<AppState>,
     Path(profile_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<StartMatch3DRunRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let maybe_payload = payload.ok().map(|Json(payload)| payload);
@@ -1191,7 +1191,7 @@ pub async fn start_match3d_run(
         .spacetime_client()
         .start_match3d_run(Match3DRunStartRecordInput {
             run_id: build_prefixed_uuid_id(MATCH3D_RUN_ID_PREFIX),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             profile_id: profile_id.clone(),
             started_at_ms: current_utc_ms(),
             item_type_count_override: maybe_payload
@@ -1211,15 +1211,17 @@ pub async fn start_match3d_run(
     record_work_play_start_after_success(
         &state,
         &request_context,
-        WorkPlayTrackingDraft::new(
+        WorkPlayTrackingDraft::runtime_principal(
             "match3d",
             profile_id.clone(),
-            &authenticated,
+            &principal,
             "/api/runtime/match3d/...",
         )
         .profile_id(profile_id.clone())
+        .owner_user_id(principal.subject().to_string())
         .extra(json!({
             "runId": run.run_id,
+            "principalKind": principal.kind().as_str(),
         })),
     )
     .await;
@@ -1236,13 +1238,13 @@ pub async fn get_match3d_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, MATCH3D_RUNTIME_PROVIDER, &run_id, "runId")?;
 
     let run = state
         .spacetime_client()
-        .get_match3d_run(run_id, authenticated.claims().user_id().to_string())
+        .get_match3d_run(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             match3d_error_response(
@@ -1264,7 +1266,7 @@ pub async fn click_match3d_item(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<ClickMatch3DItemRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = match3d_json(payload, &request_context, MATCH3D_RUNTIME_PROVIDER)?;
@@ -1286,7 +1288,7 @@ pub async fn click_match3d_item(
         .spacetime_client()
         .click_match3d_item(Match3DRunClickRecordInput {
             run_id: payload.run_id.unwrap_or(run_id),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             item_instance_id: payload.item_instance_id,
             client_snapshot_version: payload.client_snapshot_version.min(u32::MAX as u64) as u32,
             client_event_id: payload.client_event_id,
@@ -1313,7 +1315,7 @@ pub async fn stop_match3d_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<StopMatch3DRunRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let _ = payload.ok();
@@ -1323,7 +1325,7 @@ pub async fn stop_match3d_run(
         .spacetime_client()
         .stop_match3d_run(Match3DRunStopRecordInput {
             run_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             stopped_at_ms: current_utc_ms(),
         })
         .await
@@ -1347,7 +1349,7 @@ pub async fn restart_match3d_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, MATCH3D_RUNTIME_PROVIDER, &run_id, "runId")?;
 
@@ -1356,7 +1358,7 @@ pub async fn restart_match3d_run(
         .restart_match3d_run(Match3DRunRestartRecordInput {
             source_run_id: run_id,
             next_run_id: build_prefixed_uuid_id(MATCH3D_RUN_ID_PREFIX),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             restarted_at_ms: current_utc_ms(),
         })
         .await
@@ -1380,7 +1382,7 @@ pub async fn finish_match3d_time_up(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&request_context, MATCH3D_RUNTIME_PROVIDER, &run_id, "runId")?;
 
@@ -1388,7 +1390,7 @@ pub async fn finish_match3d_time_up(
         .spacetime_client()
         .finish_match3d_time_up(Match3DRunTimeUpRecordInput {
             run_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             finished_at_ms: current_utc_ms(),
         })
         .await
diff --git a/server-rs/crates/api-server/src/modules/bark_battle.rs b/server-rs/crates/api-server/src/modules/bark_battle.rs
index 6184150e..5021acf0 100644
--- a/server-rs/crates/api-server/src/modules/bark_battle.rs
+++ b/server-rs/crates/api-server/src/modules/bark_battle.rs
@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    auth::require_bearer_auth,
+    auth::{require_bearer_auth, require_runtime_principal_auth},
     bark_battle::{
         create_bark_battle_draft, delete_bark_battle_work, finish_bark_battle_run,
         generate_bark_battle_image_asset, get_bark_battle_run, get_bark_battle_runtime_config,
@@ -66,26 +66,28 @@ pub fn router(state: AppState) -> Router<AppState> {
             "/api/runtime/bark-battle/works/{work_id}/config",
             get(get_bark_battle_runtime_config).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/bark-battle/works/{work_id}/runs",
             post(start_bark_battle_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/bark-battle/runs/{run_id}",
             get(get_bark_battle_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/bark-battle/runs/{run_id}/finish",
-            post(finish_bark_battle_run)
-                .route_layer(middleware::from_fn_with_state(state, require_bearer_auth)),
+            post(finish_bark_battle_run).route_layer(middleware::from_fn_with_state(
+                state,
+                require_runtime_principal_auth,
+            )),
         )
 }
diff --git a/server-rs/crates/api-server/src/modules/big_fish.rs b/server-rs/crates/api-server/src/modules/big_fish.rs
index 9ce7bbd2..8de88c5b 100644
--- a/server-rs/crates/api-server/src/modules/big_fish.rs
+++ b/server-rs/crates/api-server/src/modules/big_fish.rs
@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    auth::require_bearer_auth,
+    auth::{require_bearer_auth, require_runtime_principal_auth},
     big_fish::{
         create_big_fish_session, delete_big_fish_work, execute_big_fish_action, get_big_fish_run,
         get_big_fish_session, get_big_fish_works, list_big_fish_gallery,
@@ -85,35 +85,35 @@ pub fn router(state: AppState) -> Router<AppState> {
             "/api/runtime/big-fish/sessions/{session_id}/play",
             post(record_big_fish_play).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/big-fish/works/{session_id}/play",
             post(record_big_fish_play).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/big-fish/sessions/{session_id}/runs",
             post(start_big_fish_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/big-fish/runs/{run_id}",
             get(get_big_fish_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/big-fish/runs/{run_id}/input",
             post(submit_big_fish_input).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
 }
diff --git a/server-rs/crates/api-server/src/modules/match3d.rs b/server-rs/crates/api-server/src/modules/match3d.rs
index 90728fa7..a331035c 100644
--- a/server-rs/crates/api-server/src/modules/match3d.rs
+++ b/server-rs/crates/api-server/src/modules/match3d.rs
@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    auth::require_bearer_auth,
+    auth::{require_bearer_auth, require_runtime_principal_auth},
     match3d::{
         click_match3d_item, compile_match3d_agent_draft, create_match3d_agent_session,
         delete_match3d_work, execute_match3d_agent_action, finish_match3d_time_up,
@@ -139,42 +139,42 @@ pub fn router(state: AppState) -> Router<AppState> {
             "/api/runtime/match3d/works/{profile_id}/runs",
             post(start_match3d_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/match3d/runs/{run_id}",
             get(get_match3d_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/match3d/runs/{run_id}/click",
             post(click_match3d_item).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/match3d/runs/{run_id}/stop",
             post(stop_match3d_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/match3d/runs/{run_id}/restart",
             post(restart_match3d_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/match3d/runs/{run_id}/time-up",
             post(finish_match3d_time_up).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
 }
diff --git a/server-rs/crates/api-server/src/modules/square_hole.rs b/server-rs/crates/api-server/src/modules/square_hole.rs
index 93abd129..d074c0d9 100644
--- a/server-rs/crates/api-server/src/modules/square_hole.rs
+++ b/server-rs/crates/api-server/src/modules/square_hole.rs
@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    auth::require_bearer_auth,
+    auth::{require_bearer_auth, require_runtime_principal_auth},
     square_hole::{
         compile_square_hole_agent_draft, create_square_hole_agent_session, delete_square_hole_work,
         drop_square_hole_shape, execute_square_hole_agent_action, finish_square_hole_time_up,
@@ -101,42 +101,42 @@ pub fn router(state: AppState) -> Router<AppState> {
             "/api/runtime/square-hole/works/{profile_id}/runs",
             post(start_square_hole_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/square-hole/runs/{run_id}",
             get(get_square_hole_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/square-hole/runs/{run_id}/drop",
             post(drop_square_hole_shape).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/square-hole/runs/{run_id}/stop",
             post(stop_square_hole_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/square-hole/runs/{run_id}/restart",
             post(restart_square_hole_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/square-hole/runs/{run_id}/time-up",
             post(finish_square_hole_time_up).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
 }
diff --git a/server-rs/crates/api-server/src/modules/visual_novel.rs b/server-rs/crates/api-server/src/modules/visual_novel.rs
index 521122ca..e7a373ab 100644
--- a/server-rs/crates/api-server/src/modules/visual_novel.rs
+++ b/server-rs/crates/api-server/src/modules/visual_novel.rs
@@ -4,7 +4,7 @@ use axum::{
 };
 
 use crate::{
-    auth::require_bearer_auth,
+    auth::{require_bearer_auth, require_runtime_principal_auth},
     state::AppState,
     vector_engine_audio_generation::{
         create_background_music_task, create_sound_effect_task,
@@ -151,33 +151,35 @@ pub fn router(state: AppState) -> Router<AppState> {
             "/api/runtime/visual-novel/works/{profile_id}/runs",
             post(start_visual_novel_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/visual-novel/runs/{run_id}",
             get(get_visual_novel_run).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/visual-novel/runs/{run_id}/actions/stream",
             post(stream_visual_novel_action).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/visual-novel/runs/{run_id}/history",
             get(list_visual_novel_history).route_layer(middleware::from_fn_with_state(
                 state.clone(),
-                require_bearer_auth,
+                require_runtime_principal_auth,
             )),
         )
         .route(
             "/api/runtime/visual-novel/runs/{run_id}/regenerate",
-            post(regenerate_visual_novel_run)
-                .route_layer(middleware::from_fn_with_state(state, require_bearer_auth)),
+            post(regenerate_visual_novel_run).route_layer(middleware::from_fn_with_state(
+                state,
+                require_runtime_principal_auth,
+            )),
         )
 }
diff --git a/server-rs/crates/api-server/src/square_hole.rs b/server-rs/crates/api-server/src/square_hole.rs
index dcfd3ddd..ca8c4f3b 100644
--- a/server-rs/crates/api-server/src/square_hole.rs
+++ b/server-rs/crates/api-server/src/square_hole.rs
@@ -69,7 +69,7 @@ use crate::generated_image_assets::{
 use crate::{
     ai_generation_drafts::{AiGenerationDraftContext, AiGenerationDraftWriter},
     api_response::json_success_body,
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
     http_error::AppError,
     openai_image_generation::{
         DownloadedOpenAiImage, build_openai_image_http_client, create_openai_image_generation,
@@ -739,7 +739,7 @@ pub async fn start_square_hole_run(
     State(state): State<AppState>,
     Path(profile_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<StartSquareHoleRunRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let maybe_payload = payload.ok().map(|Json(payload)| payload);
@@ -758,7 +758,7 @@ pub async fn start_square_hole_run(
         .spacetime_client()
         .start_square_hole_run(SquareHoleRunStartRecordInput {
             run_id: build_prefixed_uuid_id(SQUARE_HOLE_RUN_ID_PREFIX),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             profile_id: profile_id.clone(),
             started_at_ms: current_utc_ms(),
         })
@@ -774,15 +774,17 @@ pub async fn start_square_hole_run(
     record_work_play_start_after_success(
         &state,
         &request_context,
-        WorkPlayTrackingDraft::new(
+        WorkPlayTrackingDraft::runtime_principal(
             "square-hole",
             profile_id.clone(),
-            &authenticated,
+            &principal,
             "/api/runtime/square-hole/...",
         )
         .profile_id(profile_id.clone())
+        .owner_user_id(principal.subject().to_string())
         .extra(json!({
             "runId": run.run_id,
+            "principalKind": principal.kind().as_str(),
         })),
     )
     .await;
@@ -799,7 +801,7 @@ pub async fn get_square_hole_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(
         &request_context,
@@ -810,7 +812,7 @@ pub async fn get_square_hole_run(
 
     let run = state
         .spacetime_client()
-        .get_square_hole_run(run_id, authenticated.claims().user_id().to_string())
+        .get_square_hole_run(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             square_hole_error_response(
@@ -832,7 +834,7 @@ pub async fn drop_square_hole_shape(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<DropSquareHoleShapeRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = square_hole_json(payload, &request_context, SQUARE_HOLE_RUNTIME_PROVIDER)?;
@@ -859,7 +861,7 @@ pub async fn drop_square_hole_shape(
         .spacetime_client()
         .drop_square_hole_shape(SquareHoleRunDropRecordInput {
             run_id: payload.run_id.unwrap_or(run_id),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             hole_id: payload.hole_id,
             client_snapshot_version: payload.client_snapshot_version,
             client_event_id: payload.client_event_id,
@@ -887,7 +889,7 @@ pub async fn stop_square_hole_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<StopSquareHoleRunRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let _ = payload.ok();
@@ -902,7 +904,7 @@ pub async fn stop_square_hole_run(
         .spacetime_client()
         .stop_square_hole_run(SquareHoleRunStopRecordInput {
             run_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             stopped_at_ms: current_utc_ms(),
         })
         .await
@@ -926,7 +928,7 @@ pub async fn restart_square_hole_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(
         &request_context,
@@ -940,7 +942,7 @@ pub async fn restart_square_hole_run(
         .restart_square_hole_run(SquareHoleRunRestartRecordInput {
             source_run_id: run_id,
             next_run_id: build_prefixed_uuid_id(SQUARE_HOLE_RUN_ID_PREFIX),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             restarted_at_ms: current_utc_ms(),
         })
         .await
@@ -964,7 +966,7 @@ pub async fn finish_square_hole_time_up(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(
         &request_context,
@@ -977,7 +979,7 @@ pub async fn finish_square_hole_time_up(
         .spacetime_client()
         .finish_square_hole_time_up(SquareHoleRunTimeUpRecordInput {
             run_id,
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             finished_at_ms: current_utc_ms(),
         })
         .await
diff --git a/server-rs/crates/api-server/src/visual_novel.rs b/server-rs/crates/api-server/src/visual_novel.rs
index 228c147b..d97ffea0 100644
--- a/server-rs/crates/api-server/src/visual_novel.rs
+++ b/server-rs/crates/api-server/src/visual_novel.rs
@@ -30,7 +30,7 @@ use time::OffsetDateTime;
 
 use crate::{
     api_response::json_success_body,
-    auth::AuthenticatedAccessToken,
+    auth::{AuthenticatedAccessToken, RuntimePrincipal},
     http_error::AppError,
     prompt::visual_novel as vn_prompt,
     request_context::RequestContext,
@@ -434,7 +434,7 @@ pub async fn start_visual_novel_run(
     State(state): State<AppState>,
     Path(profile_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<contract::VisualNovelStartRunRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = parse_json_payload(&request_context, payload)?;
@@ -453,7 +453,7 @@ pub async fn start_visual_novel_run(
         .spacetime_client()
         .start_visual_novel_run(VisualNovelRunStartRecordInput {
             run_id: build_prefixed_uuid_id(domain::VISUAL_NOVEL_RUN_ID_PREFIX),
-            owner_user_id: authenticated.claims().user_id().to_string(),
+            owner_user_id: principal.subject().to_string(),
             profile_id: profile_id.clone(),
             mode: run_mode_to_wire(&payload.mode).to_string(),
             snapshot_json: None,
@@ -467,16 +467,18 @@ pub async fn start_visual_novel_run(
     record_work_play_start_after_success(
         &state,
         &request_context,
-        WorkPlayTrackingDraft::new(
+        WorkPlayTrackingDraft::runtime_principal(
             "visual-novel",
             profile_id.clone(),
-            &authenticated,
+            &principal,
             "/api/runtime/visual-novel/...",
         )
         .profile_id(profile_id.clone())
+        .owner_user_id(principal.subject().to_string())
         .extra(json!({
             "mode": run_mode_to_wire(&payload.mode),
             "runId": run.run_id,
+            "principalKind": principal.kind().as_str(),
         })),
     )
     .await;
@@ -493,12 +495,12 @@ pub async fn get_visual_novel_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&run_id, "runId")?;
     let run = state
         .spacetime_client()
-        .get_visual_novel_run(run_id, authenticated.claims().user_id().to_string())
+        .get_visual_novel_run(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             visual_novel_error_response(&request_context, map_spacetime_error(error))
@@ -516,13 +518,13 @@ pub async fn stream_visual_novel_action(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<contract::VisualNovelRuntimeActionRequest>, JsonRejection>,
 ) -> Result<Response, Response> {
     let Json(payload) = parse_json_payload(&request_context, payload)?;
     ensure_non_empty(&run_id, "runId")?;
     ensure_non_empty(&payload.client_event_id, "clientEventId")?;
-    let owner_user_id = authenticated.claims().user_id().to_string();
+    let owner_user_id = principal.subject().to_string();
     let run = state
         .spacetime_client()
         .get_visual_novel_run(run_id.clone(), owner_user_id.clone())
@@ -569,12 +571,12 @@ pub async fn list_visual_novel_history(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
 ) -> Result<Json<Value>, Response> {
     ensure_non_empty(&run_id, "runId")?;
     let history = state
         .spacetime_client()
-        .list_visual_novel_runtime_history(run_id, authenticated.claims().user_id().to_string())
+        .list_visual_novel_runtime_history(run_id, principal.subject().to_string())
         .await
         .map_err(|error| {
             visual_novel_error_response(&request_context, map_spacetime_error(error))
@@ -595,13 +597,13 @@ pub async fn regenerate_visual_novel_run(
     State(state): State<AppState>,
     Path(run_id): Path<String>,
     Extension(request_context): Extension<RequestContext>,
-    Extension(authenticated): Extension<AuthenticatedAccessToken>,
+    Extension(principal): Extension<RuntimePrincipal>,
     payload: Result<Json<contract::VisualNovelRegenerateRequest>, JsonRejection>,
 ) -> Result<Json<Value>, Response> {
     let Json(payload) = parse_json_payload(&request_context, payload)?;
     ensure_non_empty(&run_id, "runId")?;
     ensure_non_empty(&payload.history_entry_id, "historyEntryId")?;
-    let owner_user_id = authenticated.claims().user_id().to_string();
+    let owner_user_id = principal.subject().to_string();
     let run = state
         .spacetime_client()
         .get_visual_novel_run(run_id.clone(), owner_user_id.clone())
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/public_work_interaction_config_admin_upsert_input_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/public_work_interaction_config_admin_upsert_input_type.rs
new file mode 100644
index 00000000..3f76cc6b
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/public_work_interaction_config_admin_upsert_input_type.rs
@@ -0,0 +1,15 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+pub struct PublicWorkInteractionConfigAdminUpsertInput {
+    pub public_work_interactions_json: String,
+}
+
+impl __sdk::InModule for PublicWorkInteractionConfigAdminUpsertInput {
+    type Module = super::RemoteModule;
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/upsert_public_work_interaction_config_procedure.rs b/server-rs/crates/spacetime-client/src/module_bindings/upsert_public_work_interaction_config_procedure.rs
new file mode 100644
index 00000000..88e88d69
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/upsert_public_work_interaction_config_procedure.rs
@@ -0,0 +1,62 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+use super::creation_entry_config_procedure_result_type::CreationEntryConfigProcedureResult;
+use super::public_work_interaction_config_admin_upsert_input_type::PublicWorkInteractionConfigAdminUpsertInput;
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+struct UpsertPublicWorkInteractionConfigArgs {
+    pub input: PublicWorkInteractionConfigAdminUpsertInput,
+}
+
+impl __sdk::InModule for UpsertPublicWorkInteractionConfigArgs {
+    type Module = super::RemoteModule;
+}
+
+#[allow(non_camel_case_types)]
+/// Extension trait for access to the procedure `upsert_public_work_interaction_config`.
+///
+/// Implemented for [`super::RemoteProcedures`].
+pub trait upsert_public_work_interaction_config {
+    fn upsert_public_work_interaction_config(
+        &self,
+        input: PublicWorkInteractionConfigAdminUpsertInput,
+    ) {
+        self.upsert_public_work_interaction_config_then(input, |_, _| {});
+    }
+
+    fn upsert_public_work_interaction_config_then(
+        &self,
+        input: PublicWorkInteractionConfigAdminUpsertInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<CreationEntryConfigProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    );
+}
+
+impl upsert_public_work_interaction_config for super::RemoteProcedures {
+    fn upsert_public_work_interaction_config_then(
+        &self,
+        input: PublicWorkInteractionConfigAdminUpsertInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<CreationEntryConfigProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    ) {
+        self.imp
+            .invoke_procedure_with_callback::<_, CreationEntryConfigProcedureResult>(
+                "upsert_public_work_interaction_config",
+                UpsertPublicWorkInteractionConfigArgs { input },
+                __callback,
+            );
+    }
+}
diff --git a/src/components/jump-hop-runtime/JumpHopRuntimeShell.tsx b/src/components/jump-hop-runtime/JumpHopRuntimeShell.tsx
index 8d691720..9ecc2beb 100644
--- a/src/components/jump-hop-runtime/JumpHopRuntimeShell.tsx
+++ b/src/components/jump-hop-runtime/JumpHopRuntimeShell.tsx
@@ -11,7 +11,7 @@ import {
   useState,
 } from 'react';
 
-import jumpHopRuntimeLevelLogo from '../../../media/logo.png';
+import jumpHopRuntimeLevelLogo from '../../../media/logo-runtime-hud.webp';
 import type {
   JumpHopRuntimeRunSnapshotResponse,
   JumpHopTileFaceAsset,
diff --git a/src/components/match3d-runtime/Match3DRuntimeShell.tsx b/src/components/match3d-runtime/Match3DRuntimeShell.tsx
index 2ddef563..b713340a 100644
--- a/src/components/match3d-runtime/Match3DRuntimeShell.tsx
+++ b/src/components/match3d-runtime/Match3DRuntimeShell.tsx
@@ -15,7 +15,7 @@ import {
   useState,
 } from 'react';
 
-import match3DRuntimeLevelLogo from '../../../media/logo.png';
+import match3DRuntimeLevelLogo from '../../../media/logo-runtime-hud.webp';
 import type {
   Match3DClickItemRequest,
   Match3DClickItemResult,
diff --git a/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx b/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
index 9c1f65b1..13afeaaa 100644
--- a/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
+++ b/src/components/platform-entry/PlatformEntryFlowShellImpl.tsx
@@ -318,6 +318,7 @@ import {
   submitRpgProfileFeedback,
 } from '../../services/rpg-entry/rpgProfileClient';
 import { requestRpgRuntimeJson } from '../../services/rpg-runtime/rpgRuntimeRequest';
+import { type RuntimeGuestRequestOptions } from '../../services/runtimeGuestAuth';
 import { squareHoleCreationClient } from '../../services/square-hole-creation';
 import {
   dropSquareHoleShape,
@@ -372,13 +373,16 @@ import {
   type CreationWorkShelfItem,
   isPersistedBarkBattleDraftGenerating,
 } from '../custom-world-home/creationWorkShelf';
-import { selectAdjacentPlatformRecommendEntry } from '../rpg-entry/rpgEntryPublicGalleryViewModel';
+import {
+  buildPlatformRecommendFeedEntries,
+  selectAdjacentPlatformRecommendEntry,
+} from '../rpg-entry/rpgEntryPublicGalleryViewModel';
 import {
   isBigFishGalleryEntry,
   isEdutainmentGalleryEntry,
   isJumpHopGalleryEntry,
-  isPuzzleGalleryEntry,
   isPuzzleClearGalleryEntry,
+  isPuzzleGalleryEntry,
   mapPuzzleClearWorkToPlatformGalleryCard,
   mapPuzzleWorkToPlatformGalleryCard,
   type PlatformPublicGalleryCard,
@@ -492,7 +496,6 @@ import {
 import {
   canExposePublicWork,
   EDUTAINMENT_HIDDEN_MESSAGE,
-  filterGeneralPublicWorks,
 } from './platformEdutainmentVisibility';
 import { PlatformEntryCreationTypeModal } from './PlatformEntryCreationTypeModal';
 import type { PlatformCreationTypeId } from './platformEntryCreationTypes';
@@ -523,7 +526,6 @@ import { PlatformEntryWorldDetailView } from './PlatformEntryWorldDetailView';
 import { PlatformErrorDialog } from './PlatformErrorDialog';
 import { PlatformFeedbackView } from './PlatformFeedbackView';
 import { resolvePlatformGenerationProgressTickDecision } from './platformGenerationProgressTickModel';
-import { buildPlatformRecommendedEntries } from './platformRecommendation';
 import {
   buildMatch3DProfileFromSession,
   hasMatch3DRuntimeAsset,
@@ -1476,6 +1478,8 @@ export function PlatformEntryFlowShellImpl({
     useState<MiniGameDraftGenerationState | null>(null);
   const [jumpHopError, setJumpHopError] = useState<string | null>(null);
   const [isJumpHopBusy, setIsJumpHopBusy] = useState(false);
+  const [barkBattleRuntimeRequestOptions, setBarkBattleRuntimeRequestOptions] =
+    useState<RuntimeGuestRequestOptions | null>(null);
   const [puzzleClearSession, setPuzzleClearSession] =
     useState<PuzzleClearSessionSnapshotResponse | null>(null);
   const [puzzleClearRun, setPuzzleClearRun] = useState<
@@ -1579,6 +1583,34 @@ export function PlatformEntryFlowShellImpl({
     useState<PuzzleRuntimeReturnStage>('puzzle-gallery-detail');
   const [puzzleRuntimeAuthMode, setPuzzleRuntimeAuthMode] =
     useState<PuzzleRuntimeAuthMode>('default');
+  const buildRecommendRuntimeRequestOptions = useCallback(
+    async (
+      input: {
+        kind?: RecommendRuntimeKind;
+        embedded?: boolean;
+        forcePublicRuntime?: boolean;
+      } = {},
+    ) => {
+      const shouldUseRuntimeOptions = Boolean(
+        input.forcePublicRuntime ||
+          input.embedded ||
+          (input.kind && activeRecommendRuntimeKind === input.kind),
+      );
+
+      return shouldUseRuntimeOptions
+        ? buildRecommendRuntimeAuthOptions(authUi, true)
+        : {};
+    },
+    [activeRecommendRuntimeKind, authUi],
+  );
+  const buildPuzzleRuntimeRequestOptions = useCallback(
+    () =>
+      buildRecommendRuntimeRequestOptions({
+        kind: 'puzzle',
+        forcePublicRuntime: puzzleRuntimeAuthMode === 'isolated',
+      }),
+    [buildRecommendRuntimeRequestOptions, puzzleRuntimeAuthMode],
+  );
   const [isPuzzleLeaderboardBusy, setIsPuzzleLeaderboardBusy] = useState(false);
   const submittedPuzzleLeaderboardKeysRef = useRef(new Set<string>());
   const puzzleStartInFlightKeyRef = useRef<string | null>(null);
@@ -2910,10 +2942,10 @@ export function PlatformEntryFlowShellImpl({
   } = publicGalleryFeeds;
   const recommendRuntimeEntries = useMemo(
     () =>
-      buildPlatformRecommendedEntries({
-        featuredEntries: filterGeneralPublicWorks(featuredGalleryEntries),
-        latestEntries: filterGeneralPublicWorks(latestGalleryEntries),
-      }),
+      buildPlatformRecommendFeedEntries(
+        featuredGalleryEntries,
+        latestGalleryEntries,
+      ),
     [featuredGalleryEntries, latestGalleryEntries],
   );
 
@@ -6971,15 +7003,17 @@ export function PlatformEntryFlowShellImpl({
           profileId: targetProfileId,
           mode: 'play' as const,
         };
-        const runtimeGuestOptions =
-          options.embedded || workDetail.summary.publishStatus === 'draft'
-            ? await buildRecommendRuntimeAuthOptions(authUi, true)
-            : {};
+        const runtimeRequestOptions = await buildRecommendRuntimeRequestOptions(
+          {
+            kind: 'visual-novel',
+            embedded: options.embedded,
+          },
+        );
         const { run } = options.embedded
           ? await startVisualNovelRun(
               targetProfileId,
               startRunPayload,
-              runtimeGuestOptions,
+              runtimeRequestOptions,
             )
           : await startVisualNovelRun(targetProfileId, startRunPayload);
         setVisualNovelWork(workDetail);
@@ -7005,7 +7039,7 @@ export function PlatformEntryFlowShellImpl({
       }
     },
     [
-      authUi,
+      buildRecommendRuntimeRequestOptions,
       resolvePuzzleErrorMessage,
       setIsVisualNovelBusy,
       setSelectionStage,
@@ -7027,14 +7061,14 @@ export function PlatformEntryFlowShellImpl({
       setVisualNovelError(null);
       setIsVisualNovelBusy(true);
       try {
-        const runtimeGuestOptions =
-          activeRecommendRuntimeKind === 'visual-novel'
-            ? await buildRecommendRuntimeAuthOptions(authUi, true)
-            : {};
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'visual-novel',
+          });
         const nextRun = await streamVisualNovelRuntimeAction(
           visualNovelRun.runId,
           payload,
-          runtimeGuestOptions,
+          runtimeRequestOptions,
         );
         setVisualNovelRun(nextRun);
       } catch (error) {
@@ -7046,8 +7080,7 @@ export function PlatformEntryFlowShellImpl({
       }
     },
     [
-      activeRecommendRuntimeKind,
-      authUi,
+      buildRecommendRuntimeRequestOptions,
       isVisualNovelBusy,
       resolvePuzzleErrorMessage,
       setIsVisualNovelBusy,
@@ -7496,22 +7529,15 @@ export function PlatformEntryFlowShellImpl({
       setJumpHopError(null);
       setJumpHopRuntimeReturnStage(options.returnStage ?? 'work-detail');
       try {
-        const runtimeGuestOptions =
-          options.embedded || shouldUseRecommendRuntimeGuestAuth(authUi)
-            ? await buildRecommendRuntimeAuthOptions(authUi, true)
-            : RECOMMEND_RUNTIME_BACKGROUND_AUTH_OPTIONS;
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'jump-hop',
+            embedded: options.embedded,
+            forcePublicRuntime: shouldUseRecommendRuntimeGuestAuth(authUi),
+          });
         setJumpHopRuntimeRequestOptions(
-          runtimeGuestOptions.runtimeGuestToken?.trim()
-            ? {
-                runtimeGuestToken: runtimeGuestOptions.runtimeGuestToken,
-                authImpact: runtimeGuestOptions.authImpact,
-                skipAuth: runtimeGuestOptions.skipAuth,
-                skipRefresh: runtimeGuestOptions.skipRefresh,
-                notifyAuthStateChange:
-                  runtimeGuestOptions.notifyAuthStateChange,
-                clearAuthOnUnauthorized:
-                  runtimeGuestOptions.clearAuthOnUnauthorized,
-              }
+          Object.keys(runtimeRequestOptions).length > 0
+            ? runtimeRequestOptions
             : null,
         );
         const [detail, runResponse] = await Promise.all([
@@ -7521,7 +7547,7 @@ export function PlatformEntryFlowShellImpl({
                 .getWorkDetail(normalizedProfileId)
                 .catch(() => null),
           jumpHopClient.startRun(normalizedProfileId, {
-            ...runtimeGuestOptions,
+            ...runtimeRequestOptions,
             runtimeMode: 'published',
           }),
         ]);
@@ -7548,7 +7574,7 @@ export function PlatformEntryFlowShellImpl({
         setIsJumpHopBusy(false);
       }
     },
-    [authUi, setSelectionStage],
+    [authUi, buildRecommendRuntimeRequestOptions, setSelectionStage],
   );
 
   useEffect(() => {
@@ -7989,15 +8015,16 @@ export function PlatformEntryFlowShellImpl({
       setPuzzleClearError(null);
       setPuzzleClearRuntimeReturnStage(options.returnStage ?? 'work-detail');
       try {
-        const runtimeGuestOptions = await buildRecommendRuntimeAuthOptions(
-          authUi,
-          options.embedded,
-        );
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'puzzle-clear',
+            embedded: options.embedded,
+          });
         const [detail, runResponse] = await Promise.all([
           puzzleClearClient
             .getRuntimeWorkDetail(normalizedProfileId)
             .catch(() => null),
-          puzzleClearClient.startRun(normalizedProfileId, runtimeGuestOptions),
+          puzzleClearClient.startRun(normalizedProfileId, runtimeRequestOptions),
         ]);
         if (detail?.item) {
           setPuzzleClearWork(detail.item);
@@ -8022,7 +8049,7 @@ export function PlatformEntryFlowShellImpl({
         setIsPuzzleClearBusy(false);
       }
     },
-    [authUi, setSelectionStage],
+    [buildRecommendRuntimeRequestOptions, setSelectionStage],
   );
 
   const retryPuzzleClearLevelRun = useCallback(async () => {
@@ -8047,7 +8074,14 @@ export function PlatformEntryFlowShellImpl({
     setIsPuzzleClearBusy(true);
     setPuzzleClearError(null);
     try {
-      const response = await puzzleClearClient.retryLevel(runId);
+      const runtimeRequestOptions =
+        await buildRecommendRuntimeRequestOptions({
+          kind: 'puzzle-clear',
+        });
+      const response = await puzzleClearClient.retryLevel(
+        runId,
+        runtimeRequestOptions,
+      );
       setPuzzleClearRun(response.run);
     } catch (error) {
       setPuzzleClearError(
@@ -8059,6 +8093,7 @@ export function PlatformEntryFlowShellImpl({
   }, [
     puzzleClearRun,
     puzzleClearWork,
+    buildRecommendRuntimeRequestOptions,
     setSelectionStage,
     startPuzzleClearTestRunFromProfile,
   ]);
@@ -8084,7 +8119,14 @@ export function PlatformEntryFlowShellImpl({
     setIsPuzzleClearBusy(true);
     setPuzzleClearError(null);
     try {
-      const response = await puzzleClearClient.advanceNextLevel(runId);
+      const runtimeRequestOptions =
+        await buildRecommendRuntimeRequestOptions({
+          kind: 'puzzle-clear',
+        });
+      const response = await puzzleClearClient.advanceNextLevel(
+        runId,
+        runtimeRequestOptions,
+      );
       setPuzzleClearRun(response.run);
     } catch (error) {
       setPuzzleClearError(
@@ -8093,7 +8135,12 @@ export function PlatformEntryFlowShellImpl({
     } finally {
       setIsPuzzleClearBusy(false);
     }
-  }, [puzzleClearRun, puzzleClearWork, setSelectionStage]);
+  }, [
+    puzzleClearRun,
+    puzzleClearWork,
+    buildRecommendRuntimeRequestOptions,
+    setSelectionStage,
+  ]);
 
   const markPuzzleClearLevelTimeUp = useCallback(async () => {
     const runId = puzzleClearRun?.runId;
@@ -8107,14 +8154,21 @@ export function PlatformEntryFlowShellImpl({
     }
 
     try {
-      const response = await puzzleClearClient.markTimeUp(runId);
+      const runtimeRequestOptions =
+        await buildRecommendRuntimeRequestOptions({
+          kind: 'puzzle-clear',
+        });
+      const response = await puzzleClearClient.markTimeUp(
+        runId,
+        runtimeRequestOptions,
+      );
       setPuzzleClearRun(response.run);
     } catch (error) {
       setPuzzleClearError(
         resolveRpgCreationErrorMessage(error, '同步拼消消倒计时失败。'),
       );
     }
-  }, [puzzleClearRun]);
+  }, [puzzleClearRun, buildRecommendRuntimeRequestOptions]);
 
   const swapPuzzleClearCardsInRun = useCallback(
     async (payload: {
@@ -8133,7 +8187,15 @@ export function PlatformEntryFlowShellImpl({
         return;
       }
       try {
-        const response = await puzzleClearClient.swapCards(runId, payload);
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'puzzle-clear',
+          });
+        const response = await puzzleClearClient.swapCards(
+          runId,
+          payload,
+          runtimeRequestOptions,
+        );
         setPuzzleClearRun(response.run);
       } catch (error) {
         setPuzzleClearError(
@@ -8141,7 +8203,7 @@ export function PlatformEntryFlowShellImpl({
         );
       }
     },
-    [puzzleClearRun],
+    [puzzleClearRun, buildRecommendRuntimeRequestOptions],
   );
 
   const compileWoodenFishSession = useCallback(
@@ -8493,16 +8555,17 @@ export function PlatformEntryFlowShellImpl({
       setWoodenFishError(null);
       setWoodenFishRuntimeReturnStage(options.returnStage ?? 'work-detail');
       try {
-        const runtimeGuestOptions = await buildRecommendRuntimeAuthOptions(
-          authUi,
-          options.embedded,
-        );
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'wooden-fish',
+            embedded: options.embedded,
+          });
         const [detail, runResponse] = await Promise.all([
           woodenFishClient.getWorkDetail(normalizedProfileId).catch(() => null),
           options.embedded
             ? woodenFishClient.startRun(
                 normalizedProfileId,
-                runtimeGuestOptions,
+                runtimeRequestOptions,
               )
             : woodenFishClient.startRun(normalizedProfileId),
         ]);
@@ -8529,7 +8592,7 @@ export function PlatformEntryFlowShellImpl({
         setIsWoodenFishBusy(false);
       }
     },
-    [authUi, setSelectionStage],
+    [buildRecommendRuntimeRequestOptions, setSelectionStage],
   );
 
   const checkpointWoodenFishRuntimeRun = useCallback(
@@ -8541,10 +8604,18 @@ export function PlatformEntryFlowShellImpl({
       if (!runId) {
         return;
       }
-      const response = await woodenFishClient.checkpointRun(runId, payload);
+      const runtimeRequestOptions =
+        await buildRecommendRuntimeRequestOptions({
+          kind: 'wooden-fish',
+        });
+      const response = await woodenFishClient.checkpointRun(
+        runId,
+        payload,
+        runtimeRequestOptions,
+      );
       setWoodenFishRun(response.run);
     },
-    [woodenFishRun?.runId],
+    [buildRecommendRuntimeRequestOptions, woodenFishRun?.runId],
   );
 
   const executePuzzleAction = puzzleFlow.executeAction;
@@ -9015,9 +9086,12 @@ export function PlatformEntryFlowShellImpl({
 
       try {
         let runtimeProfile: Match3DWorkProfile | Match3DWorkSummary = profile;
+        const canReadProtectedMatch3DDetail =
+          !options.embedded || !shouldUseRecommendRuntimeGuestAuth(authUi);
         if (
-          !hasMatch3DRuntimeAsset(profile.generatedItemAssets) ||
-          !hasMatch3DRuntimeBackgroundAsset(profile)
+          canReadProtectedMatch3DDetail &&
+          (!hasMatch3DRuntimeAsset(profile.generatedItemAssets) ||
+            !hasMatch3DRuntimeBackgroundAsset(profile))
         ) {
           try {
             const { item } = await getMatch3DWorkDetail(profile.profileId);
@@ -9043,12 +9117,14 @@ export function PlatformEntryFlowShellImpl({
           runtimeProfile.generatedBackgroundAsset,
           { expireSeconds: 300 },
         );
-        const runtimeGuestOptions =
-          options.authMode === 'isolated'
-            ? RECOMMEND_RUNTIME_BACKGROUND_AUTH_OPTIONS
-            : await buildRecommendRuntimeAuthOptions(authUi, options.embedded);
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'match3d',
+            embedded: options.embedded,
+            forcePublicRuntime: options.authMode === 'isolated',
+          });
         const runtimeOptions = {
-          ...runtimeGuestOptions,
+          ...runtimeRequestOptions,
           ...(typeof options.itemTypeCountOverride === 'number'
             ? { itemTypeCountOverride: options.itemTypeCountOverride }
             : {}),
@@ -9097,6 +9173,7 @@ export function PlatformEntryFlowShellImpl({
     [
       isMatch3DBusy,
       authUi,
+      buildRecommendRuntimeRequestOptions,
       match3dFlow,
       resolveMatch3DErrorMessage,
       resolveMatch3DRuntimeAdapter,
@@ -9120,12 +9197,13 @@ export function PlatformEntryFlowShellImpl({
       setSquareHoleError(null);
 
       try {
-        const runtimeGuestOptions = await buildRecommendRuntimeAuthOptions(
-          authUi,
-          options.embedded,
-        );
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'square-hole',
+            embedded: options.embedded,
+          });
         const { run } = options.embedded
-          ? await startSquareHoleRun(profile.profileId, runtimeGuestOptions)
+          ? await startSquareHoleRun(profile.profileId, runtimeRequestOptions)
           : await startSquareHoleRun(profile.profileId);
         setSquareHoleRun(run);
         setSquareHoleRuntimeReturnStage(returnStage);
@@ -9157,7 +9235,7 @@ export function PlatformEntryFlowShellImpl({
     },
     [
       isSquareHoleBusy,
-      authUi,
+      buildRecommendRuntimeRequestOptions,
       resolveSquareHoleErrorMessage,
       setSelectionStage,
       setSquareHoleError,
@@ -9275,14 +9353,14 @@ export function PlatformEntryFlowShellImpl({
 
       bigFishInputInFlightRef.current = true;
       try {
-        const runtimeGuestOptions =
-          activeRecommendRuntimeKind === 'big-fish'
-            ? await buildRecommendRuntimeAuthOptions(authUi, true)
-            : {};
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'big-fish',
+          });
         const { run } = await submitBigFishRuntimeInput(
           bigFishRun.runId,
           payload,
-          runtimeGuestOptions,
+          runtimeRequestOptions,
         );
         setBigFishRun(run);
       } catch (error) {
@@ -9294,8 +9372,7 @@ export function PlatformEntryFlowShellImpl({
       }
     },
     [
-      activeRecommendRuntimeKind,
-      authUi,
+      buildRecommendRuntimeRequestOptions,
       bigFishRun,
       resolveBigFishErrorMessage,
       setBigFishError,
@@ -9310,21 +9387,18 @@ export function PlatformEntryFlowShellImpl({
 
     const elapsedMs = Math.max(1_000, Date.now() - bigFishRuntimeStartedAt);
     setBigFishRuntimeStartedAt(null);
-    const reportPromise =
-      activeRecommendRuntimeKind === 'big-fish'
-        ? buildRecommendRuntimeAuthOptions(authUi, true).then(
-            (runtimeAuthOptions) =>
-              recordBigFishPlay(sessionId, { elapsedMs }, runtimeAuthOptions),
-          )
-        : recordBigFishPlay(sessionId, { elapsedMs });
+    const reportPromise = buildRecommendRuntimeRequestOptions({
+      kind: 'big-fish',
+    }).then((runtimeRequestOptions) =>
+      recordBigFishPlay(sessionId, { elapsedMs }, runtimeRequestOptions),
+    );
     void reportPromise.catch((error) => {
       setBigFishError(
         resolveBigFishErrorMessage(error, '记录大鱼吃小鱼游玩时长失败。'),
       );
     });
   }, [
-    activeRecommendRuntimeKind,
-    authUi,
+    buildRecommendRuntimeRequestOptions,
     bigFishRun?.sessionId,
     bigFishRuntimeStartedAt,
     resolveBigFishErrorMessage,
@@ -9642,14 +9716,11 @@ export function PlatformEntryFlowShellImpl({
         profileId: currentLevel.profileId,
         levelId: resolvePuzzleRestartLevelId(currentRun, detailItem),
       };
-      const runtimeGuestOptions =
-        puzzleRuntimeAuthMode === 'isolated'
-          ? await buildRecommendRuntimeGuestOptions()
-          : {};
-      const { run } =
-        puzzleRuntimeAuthMode === 'isolated'
-          ? await startPuzzleRun(startRunPayload, runtimeGuestOptions)
-          : await startPuzzleRun(startRunPayload);
+      const runtimeRequestOptions = await buildPuzzleRuntimeRequestOptions();
+      const { run } = await startPuzzleRun(
+        startRunPayload,
+        runtimeRequestOptions,
+      );
       setSelectedPuzzleDetail(detailItem);
       puzzleRunRef.current = run;
       setPuzzleRun(run);
@@ -9663,7 +9734,7 @@ export function PlatformEntryFlowShellImpl({
   }, [
     isPuzzleBusy,
     puzzleRun,
-    puzzleRuntimeAuthMode,
+    buildPuzzleRuntimeRequestOptions,
     resolvePuzzleErrorMessage,
     selectedPuzzleDetail,
     setIsPuzzleBusy,
@@ -9775,16 +9846,10 @@ export function PlatformEntryFlowShellImpl({
       return;
     }
 
-    const submitLeaderboardPromise =
-      puzzleRuntimeAuthMode === 'isolated'
-        ? buildRecommendRuntimeGuestOptions().then((runtimeGuestOptions) =>
-            submitPuzzleLeaderboard(
-              puzzleRun.runId,
-              payload,
-              runtimeGuestOptions,
-            ),
-          )
-        : submitPuzzleLeaderboard(puzzleRun.runId, payload);
+    const submitLeaderboardPromise = buildPuzzleRuntimeRequestOptions().then(
+      (runtimeRequestOptions) =>
+        submitPuzzleLeaderboard(puzzleRun.runId, payload, runtimeRequestOptions),
+    );
 
     void submitLeaderboardPromise
       .then(({ run }) => {
@@ -9808,7 +9873,7 @@ export function PlatformEntryFlowShellImpl({
     authUi?.user?.displayName,
     platformBootstrap,
     puzzleRun,
-    puzzleRuntimeAuthMode,
+    buildPuzzleRuntimeRequestOptions,
     resolvePuzzleErrorMessage,
     setPuzzleError,
   ]);
@@ -9838,10 +9903,7 @@ export function PlatformEntryFlowShellImpl({
           return;
         }
 
-        const runtimeGuestOptions =
-          puzzleRuntimeAuthMode === 'isolated'
-            ? await buildRecommendRuntimeGuestOptions()
-            : {};
+        const runtimeRequestOptions = await buildPuzzleRuntimeRequestOptions();
         const targetProfileId = _target?.profileId?.trim() ?? '';
         if (puzzleRun.nextLevelMode === 'similarWorks' && targetProfileId) {
           const itemPromise =
@@ -9850,18 +9912,13 @@ export function PlatformEntryFlowShellImpl({
               : getPuzzleGalleryDetail(targetProfileId).then(
                   (response) => response.item,
                 );
-          const advancePromise =
-            puzzleRuntimeAuthMode === 'isolated'
-              ? advancePuzzleNextLevel(
-                  puzzleRun.runId,
-                  {
-                    targetProfileId,
-                  },
-                  runtimeGuestOptions,
-                )
-              : advancePuzzleNextLevel(puzzleRun.runId, {
-                  targetProfileId,
-                });
+          const advancePromise = advancePuzzleNextLevel(
+            puzzleRun.runId,
+            {
+              targetProfileId,
+            },
+            runtimeRequestOptions,
+          );
           const [{ run }, item] = await Promise.all([
             advancePromise,
             itemPromise,
@@ -9878,14 +9935,11 @@ export function PlatformEntryFlowShellImpl({
           return;
         }
 
-        const { run } =
-          puzzleRuntimeAuthMode === 'isolated'
-            ? await advancePuzzleNextLevel(
-                puzzleRun.runId,
-                {},
-                runtimeGuestOptions,
-              )
-            : await advancePuzzleNextLevel(puzzleRun.runId, {});
+        const { run } = await advancePuzzleNextLevel(
+          puzzleRun.runId,
+          {},
+          runtimeRequestOptions,
+        );
         setPuzzleRun(run);
       } catch (error) {
         setPuzzleError(resolvePuzzleErrorMessage(error, '准备下一关失败。'));
@@ -9898,7 +9952,7 @@ export function PlatformEntryFlowShellImpl({
       isPuzzleBusy,
       isPuzzleLeaderboardBusy,
       puzzleRun,
-      puzzleRuntimeAuthMode,
+      buildPuzzleRuntimeRequestOptions,
       resolvePuzzleErrorMessage,
       selectedPuzzleDetail,
       setIsPuzzleBusy,
@@ -12436,12 +12490,13 @@ export function PlatformEntryFlowShellImpl({
       setBigFishRuntimeReturnStage(returnStage);
       setBigFishRun(null);
       try {
-        const runtimeGuestOptions = await buildRecommendRuntimeAuthOptions(
-          authUi,
-          options.embedded,
-        );
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'big-fish',
+            embedded: options.embedded,
+          });
         const { run } = options.embedded
-          ? await startBigFishRuntimeRun(sessionId, runtimeGuestOptions)
+          ? await startBigFishRuntimeRun(sessionId, runtimeRequestOptions)
           : await startBigFishRuntimeRun(sessionId);
         setBigFishRuntimeStartedAt(Date.now());
         setBigFishRun(run);
@@ -12452,7 +12507,7 @@ export function PlatformEntryFlowShellImpl({
           );
         }
         const recordPlayPromise = options.embedded
-          ? recordBigFishPlay(sessionId, { elapsedMs: 0 }, runtimeGuestOptions)
+          ? recordBigFishPlay(sessionId, { elapsedMs: 0 }, runtimeRequestOptions)
           : recordBigFishPlay(sessionId, { elapsedMs: 0 });
         void recordPlayPromise.catch((error) => {
           setBigFishError(
@@ -12468,7 +12523,7 @@ export function PlatformEntryFlowShellImpl({
       }
     },
     [
-      authUi,
+      buildRecommendRuntimeRequestOptions,
       bigFishFlow,
       resolveBigFishErrorMessage,
       setBigFishError,
@@ -12495,12 +12550,18 @@ export function PlatformEntryFlowShellImpl({
       );
       setBarkBattleRuntimeReturnStage(returnStage);
       try {
-        const runtimeGuestOptions = await buildRecommendRuntimeAuthOptions(
-          authUi,
-          options.embedded,
+        const runtimeRequestOptions =
+          await buildRecommendRuntimeRequestOptions({
+            kind: 'bark-battle',
+            embedded: options.embedded,
+          });
+        setBarkBattleRuntimeRequestOptions(
+          Object.keys(runtimeRequestOptions).length > 0
+            ? runtimeRequestOptions
+            : null,
         );
         const runResponse = options.embedded
-          ? await startBarkBattleRun(item.workId, {}, runtimeGuestOptions)
+          ? await startBarkBattleRun(item.workId, {}, runtimeRequestOptions)
           : await startBarkBattleRun(item.workId);
         void runResponse;
         selectionStageRef.current = 'bark-battle-runtime';
@@ -12521,7 +12582,11 @@ export function PlatformEntryFlowShellImpl({
         return false;
       }
     },
-    [authUi, resolveBarkBattleErrorMessage, setSelectionStage],
+    [
+      buildRecommendRuntimeRequestOptions,
+      resolveBarkBattleErrorMessage,
+      setSelectionStage,
+    ],
   );
 
   const startSelectedPublicWork = useCallback(() => {
@@ -12975,10 +13040,12 @@ export function PlatformEntryFlowShellImpl({
 
             match3dFlow.setIsBusy(true);
             setMatch3DError(null);
-            void resolveMatch3DRuntimeAdapter(
-              activeMatch3DRuntimeProfile?.profileId,
-            )
-              .restartRun(match3dRun.runId)
+            void buildRecommendRuntimeRequestOptions({ kind: 'match3d' })
+              .then((runtimeRequestOptions) =>
+                resolveMatch3DRuntimeAdapter(
+                  activeMatch3DRuntimeProfile?.profileId,
+                ).restartRun(match3dRun.runId, runtimeRequestOptions),
+              )
               .then(({ run }) => {
                 setMatch3DRun(run);
               })
@@ -12992,24 +13059,28 @@ export function PlatformEntryFlowShellImpl({
               });
           }}
           onOptimisticRunChange={setMatch3DRun}
-          onClickItem={(payload) => {
+          onClickItem={async (payload) => {
             const runId = payload.runId ?? match3dRun?.runId;
             if (!runId) {
               return Promise.reject(new Error('抓大鹅运行态缺少 runId。'));
             }
+            const runtimeRequestOptions =
+              await buildRecommendRuntimeRequestOptions({ kind: 'match3d' });
             return resolveMatch3DRuntimeAdapter(
               activeMatch3DRuntimeProfile?.profileId,
-            ).clickItem(runId, payload);
+            ).clickItem(runId, payload, runtimeRequestOptions);
           }}
           onTimeExpired={() => {
             if (!match3dRun?.runId) {
               return;
             }
 
-            void resolveMatch3DRuntimeAdapter(
-              activeMatch3DRuntimeProfile?.profileId,
-            )
-              .finishTimeUp(match3dRun.runId)
+            void buildRecommendRuntimeRequestOptions({ kind: 'match3d' })
+              .then((runtimeRequestOptions) =>
+                resolveMatch3DRuntimeAdapter(
+                  activeMatch3DRuntimeProfile?.profileId,
+                ).finishTimeUp(match3dRun.runId, runtimeRequestOptions),
+              )
               .then(({ run }) => {
                 setMatch3DRun(run);
               })
@@ -13143,9 +13214,17 @@ export function PlatformEntryFlowShellImpl({
               squareHoleRun?.runId &&
               squareHoleRun.status.toLowerCase() === 'running'
             ) {
-              void stopSquareHoleRun(squareHoleRun.runId).catch(
-                () => undefined,
-              );
+              void buildRecommendRuntimeRequestOptions({
+                kind: 'square-hole',
+              })
+                .then((runtimeRequestOptions) =>
+                  stopSquareHoleRun(
+                    squareHoleRun.runId,
+                    undefined,
+                    runtimeRequestOptions,
+                  ),
+                )
+                .catch(() => undefined);
             }
             setActiveRecommendRuntimeKind(null);
           }}
@@ -13156,7 +13235,12 @@ export function PlatformEntryFlowShellImpl({
 
             squareHoleFlow.setIsBusy(true);
             setSquareHoleError(null);
-            void restartSquareHoleRun(squareHoleRun.runId)
+            void buildRecommendRuntimeRequestOptions({
+              kind: 'square-hole',
+            })
+              .then((runtimeRequestOptions) =>
+                restartSquareHoleRun(squareHoleRun.runId, runtimeRequestOptions),
+              )
               .then(({ run }) => {
                 setSquareHoleRun(run);
               })
@@ -13178,14 +13262,26 @@ export function PlatformEntryFlowShellImpl({
             if (!runId) {
               return Promise.reject(new Error('方洞挑战运行态缺少 runId。'));
             }
-            return dropSquareHoleShape(runId, payload);
+            return buildRecommendRuntimeRequestOptions({
+              kind: 'square-hole',
+            }).then((runtimeRequestOptions) =>
+              dropSquareHoleShape(runId, payload, runtimeRequestOptions),
+            );
           }}
           onTimeExpired={() => {
             if (!squareHoleRun?.runId) {
               return;
             }
 
-            void finishSquareHoleTimeUp(squareHoleRun.runId)
+            void buildRecommendRuntimeRequestOptions({
+              kind: 'square-hole',
+            })
+              .then((runtimeRequestOptions) =>
+                finishSquareHoleTimeUp(
+                  squareHoleRun.runId,
+                  runtimeRequestOptions,
+                ),
+              )
               .then(({ run }) => {
                 setSquareHoleRun(run);
               })
@@ -13230,6 +13326,7 @@ export function PlatformEntryFlowShellImpl({
           workId={barkBattlePublishedConfig.workId}
           publishedConfig={barkBattlePublishedConfig}
           runtimeMode="published"
+          runtimeRequestOptions={barkBattleRuntimeRequestOptions ?? undefined}
           onExit={() => {
             setActiveRecommendRuntimeKind(null);
           }}
@@ -13260,7 +13357,9 @@ export function PlatformEntryFlowShellImpl({
     activeRecommendEntryKey,
     activeRecommendRuntimeKind,
     barkBattlePublishedConfig,
+    barkBattleRuntimeRequestOptions,
     babyObjectMatchDraft,
+    buildRecommendRuntimeRequestOptions,
     bigFishError,
     bigFishRun,
     bigFishRuntimeShare,
@@ -13297,6 +13396,7 @@ export function PlatformEntryFlowShellImpl({
     recommendRuntimeEntries,
     remodelCurrentPuzzleRuntimeWork,
     resolveMatch3DErrorMessage,
+    resolveMatch3DRuntimeAdapter,
     resolveSquareHoleErrorMessage,
     reportBigFishObservedPlayTime,
     restartBigFishRun,
@@ -16663,6 +16763,9 @@ export function PlatformEntryFlowShellImpl({
                   workId={barkBattlePublishedConfig.workId}
                   publishedConfig={barkBattlePublishedConfig}
                   runtimeMode={barkBattleRuntimeMode}
+                  runtimeRequestOptions={
+                    barkBattleRuntimeRequestOptions ?? undefined
+                  }
                   onExit={() => {
                     if (
                       barkBattleRuntimeReturnStage === 'bark-battle-result' &&
diff --git a/src/components/puzzle-runtime/PuzzleRuntimeShell.test.tsx b/src/components/puzzle-runtime/PuzzleRuntimeShell.test.tsx
index a12fe475..888affb7 100644
--- a/src/components/puzzle-runtime/PuzzleRuntimeShell.test.tsx
+++ b/src/components/puzzle-runtime/PuzzleRuntimeShell.test.tsx
@@ -724,7 +724,7 @@ test('顶部不显示作者，关卡标题和倒计时使用游戏铭牌结构',
   const levelLogo = screen.getByTestId(
     'puzzle-runtime-level-logo',
   ) as HTMLImageElement;
-  expect(levelLogo.getAttribute('src')).toContain('logo.png');
+  expect(levelLogo.getAttribute('src')).toContain('logo-runtime-hud.webp');
   expect(levelLogo.closest('.puzzle-runtime-level-logo')).toBeTruthy();
   expect(document.querySelector('.puzzle-runtime-level-mascot')).toBeNull();
   expect(timer.closest('.puzzle-runtime-timer-card')).toBeTruthy();
diff --git a/src/components/puzzle-runtime/PuzzleRuntimeShell.tsx b/src/components/puzzle-runtime/PuzzleRuntimeShell.tsx
index cfbd941d..4d48416b 100644
--- a/src/components/puzzle-runtime/PuzzleRuntimeShell.tsx
+++ b/src/components/puzzle-runtime/PuzzleRuntimeShell.tsx
@@ -18,7 +18,7 @@ import {
 } from 'react';
 import { createPortal } from 'react-dom';
 
-import puzzleLevelLogo from '../../../media/logo.png';
+import puzzleLevelLogo from '../../../media/logo-runtime-hud.webp';
 import type {
   DragPuzzlePieceRequest,
   PuzzleBoardSnapshot,
diff --git a/src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx b/src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx
index d8fa7251..7b025caf 100644
--- a/src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx
+++ b/src/components/rpg-entry/RpgEntryFlowShell.agent.interaction.test.tsx
@@ -7810,6 +7810,113 @@ test('logged out home recommendation next starts the next puzzle work', async ()
   });
 });
 
+test('home recommendation next follows the same scored queue shown in preview', async () => {
+  const user = userEvent.setup();
+  const quietWork = {
+    workId: 'puzzle-work-public-quiet',
+    profileId: 'puzzle-profile-public-quiet',
+    ownerUserId: 'user-2',
+    sourceSessionId: 'puzzle-session-public-quiet',
+    authorDisplayName: '拼图作者',
+    levelName: '安静拼图',
+    summary: '列表里排在前面但热度较低。',
+    themeTags: ['安静', '拼图'],
+    coverImageSrc: null,
+    coverAssetId: null,
+    publicationStatus: 'published',
+    updatedAt: '2026-04-25T10:00:00.000Z',
+    publishedAt: '2026-04-25T10:00:00.000Z',
+    playCount: 40,
+    likeCount: 0,
+    publishReady: true,
+  } satisfies PuzzleWorkSummary;
+  const hotWork = {
+    ...quietWork,
+    workId: 'puzzle-work-public-hot',
+    profileId: 'puzzle-profile-public-hot',
+    sourceSessionId: 'puzzle-session-public-hot',
+    levelName: '热门拼图',
+    summary: '推荐评分更高，应该先展示。',
+    playCount: 120,
+    updatedAt: '2026-04-25T09:00:00.000Z',
+    publishedAt: '2026-04-25T09:00:00.000Z',
+  } satisfies PuzzleWorkSummary;
+  const middleWork = {
+    ...quietWork,
+    workId: 'puzzle-work-public-middle',
+    profileId: 'puzzle-profile-public-middle',
+    sourceSessionId: 'puzzle-session-public-middle',
+    levelName: '中间拼图',
+    summary: '推荐评分排在后面。',
+    playCount: 0,
+    updatedAt: '2026-04-25T08:00:00.000Z',
+    publishedAt: '2026-04-25T08:00:00.000Z',
+  } satisfies PuzzleWorkSummary;
+
+  vi.mocked(listPuzzleGallery).mockResolvedValue({
+    items: [quietWork, hotWork, middleWork],
+  });
+  vi.mocked(getPuzzleGalleryDetail).mockImplementation(async (profileId) => ({
+    item:
+      profileId === hotWork.profileId
+        ? hotWork
+        : profileId === middleWork.profileId
+          ? middleWork
+          : quietWork,
+  }));
+  vi.mocked(startPuzzleRun).mockImplementation(async (payload) => ({
+    run: buildMockPuzzleRun(
+      payload.profileId,
+      payload.profileId === hotWork.profileId
+        ? hotWork.levelName
+        : payload.profileId === middleWork.profileId
+          ? middleWork.levelName
+          : quietWork.levelName,
+    ),
+  }));
+
+  render(<TestWrapper withAuth />);
+
+  await waitFor(() => {
+    expect(startPuzzleRun).toHaveBeenCalledWith(
+      {
+        profileId: hotWork.profileId,
+        levelId: null,
+      },
+      LOGGED_IN_RECOMMEND_RUNTIME_AUTH_OPTIONS,
+    );
+  });
+  expect(
+    await screen.findByLabelText('热门拼图 作品信息', undefined, {
+      timeout: 3000,
+    }),
+  ).toBeTruthy();
+  const nextPreview = document.querySelector(
+    '.platform-recommend-swipe-page--next',
+  );
+  expect(nextPreview).toBeTruthy();
+  expect(
+    within(nextPreview as HTMLElement).getByLabelText('安静拼图 作品信息'),
+  ).toBeTruthy();
+
+  await user.click(await screen.findByRole('button', { name: '下一个' }));
+
+  await waitFor(() => {
+    expect(startPuzzleRun).toHaveBeenCalledWith(
+      {
+        profileId: quietWork.profileId,
+        levelId: null,
+      },
+      LOGGED_IN_RECOMMEND_RUNTIME_AUTH_OPTIONS,
+    );
+  });
+  expect(
+    await screen.findByLabelText('安静拼图 作品信息', undefined, {
+      timeout: 3000,
+    }),
+  ).toBeTruthy();
+});
+
 test('home recommendation keeps cover while switching during a pending puzzle start', async () => {
   const user = userEvent.setup();
   const firstWork = {
@@ -8142,6 +8249,54 @@ test('home recommendation Match3D runtime keeps profile generated models when ca
   });
 });
 
+test('logged out home recommendation Match3D runtime skips protected detail and starts with guest auth', async () => {
+  const match3dCard: Match3DWorkSummary = {
+    workId: 'match3d-work-card-guest',
+    profileId: 'match3d-profile-card-guest',
+    ownerUserId: 'user-2',
+    sourceSessionId: 'match3d-session-card-guest',
+    gameName: '游客抓大鹅',
+    themeText: '游客果园',
+    summary: '游客可直接游玩。',
+    tags: ['果园', '抓大鹅'],
+    coverImageSrc: null,
+    referenceImageSrc: null,
+    clearCount: 3,
+    difficulty: 5,
+    publicationStatus: 'published',
+    playCount: 3,
+    updatedAt: '2026-04-25T10:30:00.000Z',
+    publishedAt: '2026-04-25T10:30:00.000Z',
+    publishReady: true,
+    generatedItemAssets: [],
+  };
+
+  vi.mocked(listMatch3DGallery).mockResolvedValue({
+    items: [match3dCard],
+  });
+  vi.mocked(getMatch3DWorkDetail).mockResolvedValue({
+    item: match3dCard,
+  });
+  match3dServerRuntimeAdapterMock.startRun.mockResolvedValue({
+    run: buildMockMatch3DRun(match3dCard.profileId),
+  });
+
+  render(<TestWrapper />);
+
+  await waitFor(() => {
+    expect(match3dServerRuntimeAdapterMock.startRun).toHaveBeenCalledWith(
+      'match3d-profile-card-guest',
+      expect.objectContaining({
+        runtimeGuestToken: 'runtime-guest-token',
+        skipRefresh: true,
+      }),
+    );
+  });
+  expect(getMatch3DWorkDetail).not.toHaveBeenCalledWith(
+    'match3d-profile-card-guest',
+  );
+});
+
 test('home recommendation Match3D runtime keeps image, music and UI assets without requiring models', async () => {
   const match3dCard: Match3DWorkSummary = {
     workId: 'match3d-work-card-image-only',
@@ -9357,6 +9512,7 @@ test('formal puzzle runtime uses frontend move merge logic and backend leaderboa
         elapsedMs: 18_000,
         nickname: '测试玩家',
       },
+      LOGGED_IN_RECOMMEND_RUNTIME_AUTH_OPTIONS,
     );
   });
 
@@ -9377,6 +9533,7 @@ test('formal puzzle runtime uses frontend move merge logic and backend leaderboa
     expect(advancePuzzleNextLevel).toHaveBeenCalledWith(
       clearedFirstLevel.runId,
       {},
+      LOGGED_IN_RECOMMEND_RUNTIME_AUTH_OPTIONS,
     );
   });
   expect(
@@ -9539,6 +9696,7 @@ test('formal puzzle similar work keeps current run level progression', async ()
     expect(advancePuzzleNextLevel).toHaveBeenCalledWith(
       clearedThirdLevel.runId,
       { targetProfileId: 'puzzle-profile-similar-2' },
+      LOGGED_IN_RECOMMEND_RUNTIME_AUTH_OPTIONS,
     );
   });
   expect(startPuzzleRun).not.toHaveBeenCalled();
diff --git a/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.test.ts b/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.test.ts
index 3071ce05..351590a8 100644
--- a/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.test.ts
+++ b/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.test.ts
@@ -189,6 +189,27 @@ test('public gallery ViewModel builds recommend feed from general public entries
   ).toEqual([latestPuzzle]);
 });
 
+test('public gallery ViewModel keeps recommend feed in scored runtime order', () => {
+  const quietPuzzle = buildPuzzleEntry({
+    profileId: 'quiet',
+    worldName: '安静拼图',
+    playCount: 0,
+    updatedAt: '2026-05-03T00:00:00.000Z',
+    publishedAt: '2026-05-03T00:00:00.000Z',
+  });
+  const hotPuzzle = buildPuzzleEntry({
+    profileId: 'hot',
+    worldName: '热门拼图',
+    playCount: 120,
+    updatedAt: '2026-05-02T00:00:00.000Z',
+    publishedAt: '2026-05-02T00:00:00.000Z',
+  });
+
+  expect(buildPlatformRecommendFeedEntries([], [quietPuzzle, hotPuzzle])).toEqual(
+    [hotPuzzle, quietPuzzle],
+  );
+});
+
 test('public gallery ViewModel selects recommend feed window with wraparound neighbors', () => {
   const firstEntry = buildPuzzleEntry({ profileId: 'first' });
   const secondEntry = buildJumpHopEntry({ profileId: 'second' });
diff --git a/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.ts b/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.ts
index 6c2a4e85..f0194e85 100644
--- a/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.ts
+++ b/src/components/rpg-entry/rpgEntryPublicGalleryViewModel.ts
@@ -1,5 +1,6 @@
 import { filterGeneralPublicWorks } from '../platform-entry/platformEdutainmentVisibility';
 import { getPlatformPublicGalleryEntryKey } from '../platform-entry/platformPublicGalleryFlow';
+import { buildPlatformRecommendedEntries } from '../platform-entry/platformRecommendation';
 import {
   buildPlatformWorldDisplayTags,
   isBarkBattleGalleryEntry,
@@ -146,9 +147,10 @@ export function buildPlatformRecommendFeedEntries(
   featuredEntries: PlatformPublicGalleryCard[],
   latestEntries: PlatformPublicGalleryCard[],
 ) {
-  return dedupePlatformPublicGalleryEntries(
-    filterGeneralPublicWorks([...featuredEntries, ...latestEntries]),
-  );
+  return buildPlatformRecommendedEntries({
+    featuredEntries: filterGeneralPublicWorks(featuredEntries),
+    latestEntries: filterGeneralPublicWorks(latestEntries),
+  });
 }
 
 export function selectAdjacentPlatformRecommendEntry(
diff --git a/src/components/wooden-fish-runtime/WoodenFishRuntimeShell.tsx b/src/components/wooden-fish-runtime/WoodenFishRuntimeShell.tsx
index 6c9c5382..71780d6b 100644
--- a/src/components/wooden-fish-runtime/WoodenFishRuntimeShell.tsx
+++ b/src/components/wooden-fish-runtime/WoodenFishRuntimeShell.tsx
@@ -8,7 +8,7 @@ import {
   useState,
 } from 'react';
 
-import woodenFishRuntimeLogo from '../../../media/logo.png';
+import woodenFishRuntimeLogo from '../../../media/logo-runtime-hud.webp';
 import type {
   WoodenFishRuntimeRunSnapshotResponse,
   WoodenFishWordCounter,
diff --git a/src/games/bark-battle/ui/BarkBattleRuntimeShell.tsx b/src/games/bark-battle/ui/BarkBattleRuntimeShell.tsx
index 0a233871..20918be7 100644
--- a/src/games/bark-battle/ui/BarkBattleRuntimeShell.tsx
+++ b/src/games/bark-battle/ui/BarkBattleRuntimeShell.tsx
@@ -8,6 +8,7 @@ import type {
   BarkBattleServerResult,
 } from '../../../../packages/shared/src/contracts/barkBattle';
 import {
+  type BarkBattleRuntimeRequestOptions,
   finishBarkBattleRun,
   startBarkBattleRun,
 } from '../../../services/bark-battle-runtime';
@@ -31,6 +32,7 @@ type BarkBattleRuntimeShellProps = {
   workId?: string;
   publishedConfig?: BarkBattlePublishedConfig | null;
   runtimeMode?: BarkBattleRuntimeMode;
+  runtimeRequestOptions?: BarkBattleRuntimeRequestOptions;
   onExit?: () => void;
 };
 
@@ -266,6 +268,7 @@ export function BarkBattleRuntimeShell({
   workId,
   publishedConfig,
   runtimeMode = 'draft',
+  runtimeRequestOptions,
   onExit,
 }: BarkBattleRuntimeShellProps) {
   const initialConfig = useMemo(
@@ -404,20 +407,24 @@ export function BarkBattleRuntimeShell({
         0,
         runtimeConfigRef.current.roundDurationMs - nextSnapshot.remainingMs,
       );
-      void finishBarkBattleRun(activeRun.runId, {
-        runId: activeRun.runId,
-        runToken: activeRun.runToken,
-        workId: activeRun.workId,
-        configVersion: activeRun.configVersion,
-        rulesetVersion: activeRun.rulesetVersion,
-        difficultyPreset: activeRun.difficultyPreset,
-        clientStartedAt: startedAt,
-        clientFinishedAt: finishedAt,
-        durationMs,
-        derivedMetrics: buildDerivedMetrics(),
-        clientResult: resolveClientResult(nextSnapshot.winner),
-        clientRuntimeVersion: BARK_BATTLE_CLIENT_RUNTIME_VERSION,
-      })
+      void finishBarkBattleRun(
+        activeRun.runId,
+        {
+          runId: activeRun.runId,
+          runToken: activeRun.runToken,
+          workId: activeRun.workId,
+          configVersion: activeRun.configVersion,
+          rulesetVersion: activeRun.rulesetVersion,
+          difficultyPreset: activeRun.difficultyPreset,
+          clientStartedAt: startedAt,
+          clientFinishedAt: finishedAt,
+          durationMs,
+          derivedMetrics: buildDerivedMetrics(),
+          clientResult: resolveClientResult(nextSnapshot.winner),
+          clientRuntimeVersion: BARK_BATTLE_CLIENT_RUNTIME_VERSION,
+        },
+        runtimeRequestOptions,
+      )
         .then(() => {
           appendDebugEvent('正式成绩已提交');
         })
@@ -433,6 +440,7 @@ export function BarkBattleRuntimeShell({
       buildDerivedMetrics,
       controller,
       isPublishedRuntime,
+      runtimeRequestOptions,
     ],
   );
 
@@ -447,14 +455,18 @@ export function BarkBattleRuntimeShell({
       pendingRunStartRef.current = (async () => {
         try {
           setRuntimeError(null);
-          const started = await startBarkBattleRun(replacementConfig.workId, {
-            // 中文注释：公开广场摘要可能滞后于已发布运行配置；正式开局以服务端当前发布快照为准。
-            sourceRoute:
-              typeof window === 'undefined'
-                ? 'bark-battle-runtime'
-                : window.location.pathname,
-            clientRuntimeVersion: BARK_BATTLE_CLIENT_RUNTIME_VERSION,
-          });
+          const started = await startBarkBattleRun(
+            replacementConfig.workId,
+            {
+              // 中文注释：公开广场摘要可能滞后于已发布运行配置；正式开局以服务端当前发布快照为准。
+              sourceRoute:
+                typeof window === 'undefined'
+                  ? 'bark-battle-runtime'
+                  : window.location.pathname,
+              clientRuntimeVersion: BARK_BATTLE_CLIENT_RUNTIME_VERSION,
+            },
+            runtimeRequestOptions,
+          );
           const serverRuntimeConfig = buildRuntimeConfigFromServerConfig(
             started.runtimeConfig,
           );
@@ -491,7 +503,13 @@ export function BarkBattleRuntimeShell({
       })();
     }
     return pendingRunStartRef.current ?? Promise.resolve(true);
-    }, [appendDebugEvent, controller, isPublishedRuntime, replacementConfig]);
+    }, [
+      appendDebugEvent,
+      controller,
+      isPublishedRuntime,
+      replacementConfig,
+      runtimeRequestOptions,
+    ]);
 
   const syncSnapshot = useCallback(() => {
     const nextSnapshot = controller.getSnapshot();
diff --git a/src/services/big-fish-runtime/bigFishRuntimeClient.ts b/src/services/big-fish-runtime/bigFishRuntimeClient.ts
index 39407713..b5526dd9 100644
--- a/src/services/big-fish-runtime/bigFishRuntimeClient.ts
+++ b/src/services/big-fish-runtime/bigFishRuntimeClient.ts
@@ -58,10 +58,14 @@ export function startBigFishRun(
   });
 }
 
-export function getBigFishRun(runId: string) {
+export function getBigFishRun(
+  runId: string,
+  options: BigFishRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<BigFishRunResponse>({
     url: buildRuntimeApiPath(BIG_FISH_RUNTIME_API_BASE, 'runs', runId),
     fallbackMessage: '读取大鱼吃小鱼玩法失败',
+    requestOptions: options,
   });
 }
 
diff --git a/src/services/jump-hop/jumpHopClient.test.ts b/src/services/jump-hop/jumpHopClient.test.ts
index eef764cb..0a4931ce 100644
--- a/src/services/jump-hop/jumpHopClient.test.ts
+++ b/src/services/jump-hop/jumpHopClient.test.ts
@@ -139,4 +139,14 @@ test('jump hop work detail preserves flattened back button asset', async () => {
   const response = await jumpHopClient.getWorkDetail('profile-1');
 
   expect(response.item.backButtonAsset).toEqual(backButtonAsset);
+  expect(requestJsonMock).toHaveBeenCalledWith(
+    '/api/runtime/jump-hop/works/profile-1',
+    { method: 'GET' },
+    '读取跳一跳作品详情失败',
+    expect.objectContaining({
+      retry: expect.objectContaining({ maxRetries: 1 }),
+      skipAuth: true,
+      skipRefresh: true,
+    }),
+  );
 });
diff --git a/src/services/jump-hop/jumpHopClient.ts b/src/services/jump-hop/jumpHopClient.ts
index dfb1f245..1fc34824 100644
--- a/src/services/jump-hop/jumpHopClient.ts
+++ b/src/services/jump-hop/jumpHopClient.ts
@@ -19,6 +19,7 @@ import type {
   JumpHopWorkSummaryResponse,
 } from '../../../packages/shared/src/contracts/jumpHop';
 import {
+  type ApiRequestOptions,
   type ApiRetryOptions,
   requestJson,
 } from '../apiClient';
@@ -196,10 +197,19 @@ export async function getJumpHopWorkDetail(
     options.audience === 'creation'
       ? JUMP_HOP_WORKS_API_BASE
       : `${JUMP_HOP_RUNTIME_API_BASE}/works`;
+  const requestOptions: ApiRequestOptions =
+    options.audience === 'creation'
+      ? {}
+      : {
+          retry: JUMP_HOP_RUNTIME_READ_RETRY,
+          skipAuth: true,
+          skipRefresh: true,
+        };
   const response = await requestJson<JumpHopWorkDetailResponse>(
     `${base}/${encodeURIComponent(profileId)}`,
     { method: 'GET' },
     '读取跳一跳作品详情失败',
+    requestOptions,
   );
   return normalizeJumpHopWorkDetailResponse(response);
 }
diff --git a/src/services/match3d-runtime/match3dRuntimeAdapter.test.ts b/src/services/match3d-runtime/match3dRuntimeAdapter.test.ts
index 5a1951d4..ea34f105 100644
--- a/src/services/match3d-runtime/match3dRuntimeAdapter.test.ts
+++ b/src/services/match3d-runtime/match3dRuntimeAdapter.test.ts
@@ -64,30 +64,63 @@ test('server Match3D runtime adapter forwards the full runtime seam lazily', asy
     stopRun: vi.fn().mockResolvedValue(stopResponse),
   };
   const adapter = createServerMatch3DRuntimeAdapter(dependencies);
+  const runtimeRequestOptions = {
+    runtimeGuestToken: 'runtime-guest-token',
+    skipRefresh: true,
+  };
 
-  expect(await adapter.startRun('server-profile-1', { skipRefresh: true })).toBe(
-    startResponse,
+  expect(
+    await adapter.startRun('server-profile-1', runtimeRequestOptions),
+  ).toBe(startResponse);
+  expect(await adapter.getRun('server-run-start', runtimeRequestOptions)).toBe(
+    getResponse,
   );
-  expect(await adapter.getRun('server-run-start')).toBe(getResponse);
-  expect(await adapter.clickItem('server-run-start', clickPayload)).toEqual({
+  expect(
+    await adapter.clickItem(
+      'server-run-start',
+      clickPayload,
+      runtimeRequestOptions,
+    ),
+  ).toEqual({
     status: 'Accepted',
     run: buildMockRun('server-run-click'),
   });
-  expect(await adapter.restartRun('server-run-start')).toBe(restartResponse);
-  expect(await adapter.stopRun('server-run-restart')).toBe(stopResponse);
-  expect(await adapter.finishTimeUp('server-run-start')).toBe(finishResponse);
+  expect(
+    await adapter.restartRun('server-run-start', runtimeRequestOptions),
+  ).toBe(restartResponse);
+  expect(await adapter.stopRun('server-run-restart', runtimeRequestOptions)).toBe(
+    stopResponse,
+  );
+  expect(
+    await adapter.finishTimeUp('server-run-start', runtimeRequestOptions),
+  ).toBe(finishResponse);
 
-  expect(dependencies.startRun).toHaveBeenCalledWith('server-profile-1', {
-    skipRefresh: true,
-  });
-  expect(dependencies.getRun).toHaveBeenCalledWith('server-run-start');
+  expect(dependencies.startRun).toHaveBeenCalledWith(
+    'server-profile-1',
+    runtimeRequestOptions,
+  );
+  expect(dependencies.getRun).toHaveBeenCalledWith(
+    'server-run-start',
+    runtimeRequestOptions,
+  );
   expect(dependencies.clickItem).toHaveBeenCalledWith(
     'server-run-start',
     clickPayload,
+    runtimeRequestOptions,
+  );
+  expect(dependencies.restartRun).toHaveBeenCalledWith(
+    'server-run-start',
+    runtimeRequestOptions,
+  );
+  expect(dependencies.stopRun).toHaveBeenCalledWith(
+    'server-run-restart',
+    undefined,
+    runtimeRequestOptions,
+  );
+  expect(dependencies.finishTimeUp).toHaveBeenCalledWith(
+    'server-run-start',
+    runtimeRequestOptions,
   );
-  expect(dependencies.restartRun).toHaveBeenCalledWith('server-run-start');
-  expect(dependencies.stopRun).toHaveBeenCalledWith('server-run-restart');
-  expect(dependencies.finishTimeUp).toHaveBeenCalledWith('server-run-start');
 });
 
 test('local Match3D runtime adapter exposes the same runtime seam as the server client', async () => {
diff --git a/src/services/match3d-runtime/match3dRuntimeAdapter.ts b/src/services/match3d-runtime/match3dRuntimeAdapter.ts
index 9d70d405..9e47957b 100644
--- a/src/services/match3d-runtime/match3dRuntimeAdapter.ts
+++ b/src/services/match3d-runtime/match3dRuntimeAdapter.ts
@@ -24,14 +24,27 @@ export type Match3DRuntimeAdapter = {
     profileId: string,
     options?: Match3DRuntimeRequestOptions,
   ) => Promise<Match3DRunResponse>;
-  getRun: (runId: string) => Promise<Match3DRunResponse>;
+  getRun: (
+    runId: string,
+    options?: Match3DRuntimeRequestOptions,
+  ) => Promise<Match3DRunResponse>;
   clickItem: (
     runId: string,
     payload: Match3DClickItemRequest,
+    options?: Match3DRuntimeRequestOptions,
   ) => Promise<Match3DClickItemResult>;
-  restartRun: (runId: string) => Promise<Match3DRunResponse>;
-  stopRun: (runId: string) => Promise<Match3DRunResponse>;
-  finishTimeUp: (runId: string) => Promise<Match3DRunResponse>;
+  restartRun: (
+    runId: string,
+    options?: Match3DRuntimeRequestOptions,
+  ) => Promise<Match3DRunResponse>;
+  stopRun: (
+    runId: string,
+    options?: Match3DRuntimeRequestOptions,
+  ) => Promise<Match3DRunResponse>;
+  finishTimeUp: (
+    runId: string,
+    options?: Match3DRuntimeRequestOptions,
+  ) => Promise<Match3DRunResponse>;
 };
 
 export type LocalMatch3DRuntimeAdapterOptions = {
@@ -63,12 +76,13 @@ export function createServerMatch3DRuntimeAdapter(
     defaultServerMatch3DRuntimeAdapterDependencies,
 ): Match3DRuntimeAdapter {
   return {
-    clickItem: (runId, payload) => dependencies.clickItem(runId, payload),
-    finishTimeUp: (runId) => dependencies.finishTimeUp(runId),
-    getRun: (runId) => dependencies.getRun(runId),
-    restartRun: (runId) => dependencies.restartRun(runId),
+    clickItem: (runId, payload, options) =>
+      dependencies.clickItem(runId, payload, options),
+    finishTimeUp: (runId, options) => dependencies.finishTimeUp(runId, options),
+    getRun: (runId, options) => dependencies.getRun(runId, options),
+    restartRun: (runId, options) => dependencies.restartRun(runId, options),
     startRun: (profileId, options) => dependencies.startRun(profileId, options),
-    stopRun: (runId) => dependencies.stopRun(runId),
+    stopRun: (runId, options) => dependencies.stopRun(runId, undefined, options),
   };
 }
 
diff --git a/src/services/match3d-runtime/match3dRuntimeClient.ts b/src/services/match3d-runtime/match3dRuntimeClient.ts
index 721306c5..fa2e4e24 100644
--- a/src/services/match3d-runtime/match3dRuntimeClient.ts
+++ b/src/services/match3d-runtime/match3dRuntimeClient.ts
@@ -89,11 +89,15 @@ export function startMatch3DRun(
 /**
  * 读取抓大鹅运行态快照。
  */
-export function getMatch3DRun(runId: string) {
+export function getMatch3DRun(
+  runId: string,
+  options: Match3DRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<Match3DRunResponse>({
     url: buildRuntimeApiPath(MATCH3D_RUNTIME_API_BASE, 'runs', runId),
     fallbackMessage: '读取抓大鹅运行快照失败',
     retry: MATCH3D_RUNTIME_READ_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -103,6 +107,7 @@ export function getMatch3DRun(runId: string) {
 export async function clickMatch3DItem(
   runId: string,
   payload: Match3DClickItemRequest,
+  options: Match3DRuntimeRequestOptions = {},
 ) {
   const response = await requestRuntimeJson<Match3DClickResponse>({
     url: buildRuntimeApiPath(MATCH3D_RUNTIME_API_BASE, 'runs', runId, 'click'),
@@ -113,6 +118,7 @@ export async function clickMatch3DItem(
     },
     fallbackMessage: '确认抓大鹅点击失败',
     retry: MATCH3D_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 
   return mapClickConfirmation(payload, response.confirmation);
@@ -126,6 +132,7 @@ export function stopMatch3DRun(
   payload: StopMatch3DRunRequest = {
     clientActionId: `match3d-stop-${Date.now()}`,
   },
+  options: Match3DRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<Match3DRunResponse>({
     url: buildRuntimeApiPath(MATCH3D_RUNTIME_API_BASE, 'runs', runId, 'stop'),
@@ -133,30 +140,39 @@ export function stopMatch3DRun(
     jsonBody: payload,
     fallbackMessage: '停止抓大鹅玩法失败',
     retry: MATCH3D_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
 /**
  * 基于当前 run 重开一局。
  */
-export function restartMatch3DRun(runId: string) {
+export function restartMatch3DRun(
+  runId: string,
+  options: Match3DRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<Match3DRunResponse>({
     url: buildRuntimeApiPath(MATCH3D_RUNTIME_API_BASE, 'runs', runId, 'restart'),
     method: 'POST',
     fallbackMessage: '重新开始抓大鹅玩法失败',
     retry: MATCH3D_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
 /**
  * 前端倒计时归零后通知后端确认失败状态。
  */
-export function finishMatch3DTimeUp(runId: string) {
+export function finishMatch3DTimeUp(
+  runId: string,
+  options: Match3DRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<Match3DRunResponse>({
     url: buildRuntimeApiPath(MATCH3D_RUNTIME_API_BASE, 'runs', runId, 'time-up'),
     method: 'POST',
     fallbackMessage: '同步抓大鹅倒计时失败',
     retry: MATCH3D_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
diff --git a/src/services/puzzle-runtime/puzzleRuntimeClient.test.ts b/src/services/puzzle-runtime/puzzleRuntimeClient.test.ts
index 68f3accc..fc02c911 100644
--- a/src/services/puzzle-runtime/puzzleRuntimeClient.test.ts
+++ b/src/services/puzzle-runtime/puzzleRuntimeClient.test.ts
@@ -61,7 +61,7 @@ describe('puzzleRuntimeClient', () => {
     );
   });
 
-  it('keeps pause requests on account auth options instead of guest auth', async () => {
+  it('uses runtime guest auth for pause requests when provided', async () => {
     await updatePuzzleRunPause(
       'run/1',
       { paused: true },
@@ -76,17 +76,19 @@ describe('puzzleRuntimeClient', () => {
     expect(init).toEqual(
       expect.objectContaining({
         method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: 'Bearer runtime-guest-token',
+        },
         body: JSON.stringify({ paused: true }),
       }),
     );
-    expect(init.headers).not.toHaveProperty('Authorization');
     expect(options).toEqual(
       expect.objectContaining({
         authImpact: 'local',
+        skipAuth: true,
         skipRefresh: true,
       }),
     );
-    expect(options).not.toMatchObject({ skipAuth: true });
   });
 });
diff --git a/src/services/puzzle-runtime/puzzleRuntimeClient.ts b/src/services/puzzle-runtime/puzzleRuntimeClient.ts
index 1e314fe4..158e1c37 100644
--- a/src/services/puzzle-runtime/puzzleRuntimeClient.ts
+++ b/src/services/puzzle-runtime/puzzleRuntimeClient.ts
@@ -8,10 +8,7 @@ import type {
   UpdatePuzzleRuntimePauseRequest,
   UsePuzzleRuntimePropRequest,
 } from '../../../packages/shared/src/contracts/puzzleRuntimeSession';
-import {
-  type ApiRetryOptions,
-  requestJson,
-} from '../apiClient';
+import { type ApiRetryOptions } from '../apiClient';
 import { type RuntimeGuestRequestOptions } from '../runtimeGuestAuth';
 import { buildRuntimeApiPath, requestRuntimeJson } from '../runtimeRequest';
 
@@ -52,11 +49,15 @@ export async function startPuzzleRun(
 /**
  * 读取拼图运行态快照。
  */
-export async function getPuzzleRun(runId: string) {
+export async function getPuzzleRun(
+  runId: string,
+  options: PuzzleRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<PuzzleRunResponse>({
     url: buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId),
     fallbackMessage: '读取拼图运行快照失败',
     retry: PUZZLE_RUNTIME_READ_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -66,6 +67,7 @@ export async function getPuzzleRun(runId: string) {
 export async function swapPuzzlePieces(
   runId: string,
   payload: SwapPuzzlePiecesRequest,
+  options: PuzzleRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<PuzzleRunResponse>({
     url: buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'swap'),
@@ -73,6 +75,7 @@ export async function swapPuzzlePieces(
     jsonBody: payload,
     fallbackMessage: '交换拼图块失败',
     retry: PUZZLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -82,6 +85,7 @@ export async function swapPuzzlePieces(
 export async function dragPuzzlePieceOrGroup(
   runId: string,
   payload: DragPuzzlePieceRequest,
+  options: PuzzleRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<PuzzleRunResponse>({
     url: buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'drag'),
@@ -89,6 +93,7 @@ export async function dragPuzzlePieceOrGroup(
     jsonBody: payload,
     fallbackMessage: '拖动拼图块失败',
     retry: PUZZLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -141,22 +146,14 @@ export async function updatePuzzleRunPause(
   payload: UpdatePuzzleRuntimePauseRequest,
   options: PuzzleRuntimeRequestOptions = {},
 ) {
-  return requestJson<PuzzleRunResponse>(
-    buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'pause'),
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(payload),
-    },
-    '更新拼图计时状态失败',
-    {
-      retry: PUZZLE_RUNTIME_WRITE_RETRY,
-      authImpact: options.authImpact,
-      skipRefresh: options.skipRefresh,
-      notifyAuthStateChange: options.notifyAuthStateChange,
-      clearAuthOnUnauthorized: options.clearAuthOnUnauthorized,
-    },
-  );
+  return requestRuntimeJson<PuzzleRunResponse>({
+    url: buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'pause'),
+    method: 'POST',
+    jsonBody: payload,
+    fallbackMessage: '更新拼图计时状态失败',
+    retry: PUZZLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
+  });
 }
 
 /**
@@ -167,22 +164,14 @@ export async function usePuzzleRuntimeProp(
   payload: UsePuzzleRuntimePropRequest,
   options: PuzzleRuntimeRequestOptions = {},
 ) {
-  return requestJson<PuzzleRunResponse>(
-    buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'props'),
-    {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify(payload),
-    },
-    '使用拼图道具失败',
-    {
-      retry: PUZZLE_RUNTIME_WRITE_RETRY,
-      authImpact: options.authImpact,
-      skipRefresh: options.skipRefresh,
-      notifyAuthStateChange: options.notifyAuthStateChange,
-      clearAuthOnUnauthorized: options.clearAuthOnUnauthorized,
-    },
-  );
+  return requestRuntimeJson<PuzzleRunResponse>({
+    url: buildRuntimeApiPath(PUZZLE_RUNTIME_API_BASE, runId, 'props'),
+    method: 'POST',
+    jsonBody: payload,
+    fallbackMessage: '使用拼图道具失败',
+    retry: PUZZLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
+  });
 }
 
 export const puzzleRuntimeClient = {
diff --git a/src/services/recommendedRuntimeGuestLaunch.test.ts b/src/services/recommendedRuntimeGuestLaunch.test.ts
index e7cd8345..5844cb1c 100644
--- a/src/services/recommendedRuntimeGuestLaunch.test.ts
+++ b/src/services/recommendedRuntimeGuestLaunch.test.ts
@@ -13,17 +13,56 @@ vi.mock('./apiClient', async () => {
   };
 });
 
-import { startBarkBattleRun } from './bark-battle-runtime/barkBattleRuntimeClient';
-import { startBigFishRun } from './big-fish-runtime/bigFishRuntimeClient';
+import {
+  finishBarkBattleRun,
+  getBarkBattleRuntimeConfig,
+  startBarkBattleRun,
+} from './bark-battle-runtime/barkBattleRuntimeClient';
+import {
+  getBigFishRun,
+  recordBigFishPlay,
+  startBigFishRun,
+  submitBigFishInput,
+} from './big-fish-runtime/bigFishRuntimeClient';
 import { startJumpHopRuntimeRun } from './jump-hop/jumpHopClient';
-import { startMatch3DRun } from './match3d-runtime/match3dRuntimeClient';
+import {
+  clickMatch3DItem,
+  finishMatch3DTimeUp,
+  getMatch3DRun,
+  restartMatch3DRun,
+  startMatch3DRun,
+  stopMatch3DRun,
+} from './match3d-runtime/match3dRuntimeClient';
 import {
   advancePuzzleNextLevel,
+  dragPuzzlePieceOrGroup,
+  getPuzzleRun,
   startPuzzleRun,
   submitPuzzleLeaderboard,
+  swapPuzzlePieces,
+  updatePuzzleRunPause,
+  usePuzzleRuntimeProp,
 } from './puzzle-runtime/puzzleRuntimeClient';
-import { startSquareHoleRun } from './square-hole-runtime/squareHoleRuntimeClient';
-import { startVisualNovelRun } from './visual-novel-runtime/visualNovelRuntimeClient';
+import { puzzleClearClient } from './puzzle-clear/puzzleClearClient';
+import {
+  dropSquareHoleShape,
+  finishSquareHoleTimeUp,
+  getSquareHoleRun,
+  restartSquareHoleRun,
+  startSquareHoleRun,
+  stopSquareHoleRun,
+} from './square-hole-runtime/squareHoleRuntimeClient';
+import {
+  checkpointWoodenFishRun,
+  finishWoodenFishRun,
+  startWoodenFishRuntimeRun,
+} from './wooden-fish/woodenFishClient';
+import {
+  getVisualNovelHistory,
+  getVisualNovelRun,
+  regenerateVisualNovelRun,
+  startVisualNovelRun,
+} from './visual-novel-runtime/visualNovelRuntimeClient';
 
 describe('recommended runtime guest launch clients', () => {
   beforeEach(() => {
@@ -31,6 +70,25 @@ describe('recommended runtime guest launch clients', () => {
     apiClientMocks.requestJson.mockResolvedValue({ run: {} });
   });
 
+  function expectRuntimeGuestRequest(expectedUrl: string, expectedMethod: string) {
+    const [url, init, , options] = apiClientMocks.requestJson.mock.calls[0];
+    expect(url).toBe(expectedUrl);
+    expect(init).toEqual(
+      expect.objectContaining({
+        method: expectedMethod,
+        headers: expect.objectContaining({
+          Authorization: 'Bearer runtime-guest-token',
+        }),
+      }),
+    );
+    expect(options).toEqual(
+      expect.objectContaining({
+        skipAuth: true,
+        skipRefresh: true,
+      }),
+    );
+  }
+
   it.each([
     {
       name: 'jump-hop',
@@ -82,6 +140,14 @@ describe('recommended runtime guest launch clients', () => {
         }),
       expectedUrl: '/api/runtime/bark-battle/works/bark-battle-work-1/runs',
     },
+    {
+      name: 'wooden-fish',
+      start: () =>
+        startWoodenFishRuntimeRun('wooden-fish-profile-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/wooden-fish/runs',
+    },
     {
       name: 'puzzle',
       start: () =>
@@ -187,4 +253,397 @@ describe('recommended runtime guest launch clients', () => {
       }),
     );
   });
+
+  it.each([
+    {
+      name: 'puzzle get run',
+      run: () =>
+        getPuzzleRun('run-puzzle-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/puzzle/runs/run-puzzle-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'puzzle swap',
+      run: () =>
+        swapPuzzlePieces(
+          'run-puzzle-1',
+          { firstPieceId: 'piece-a', secondPieceId: 'piece-b' },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/puzzle/runs/run-puzzle-1/swap',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle drag',
+      run: () =>
+        dragPuzzlePieceOrGroup(
+          'run-puzzle-1',
+          { pieceId: 'piece-a', targetRow: 1, targetCol: 2 },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/puzzle/runs/run-puzzle-1/drag',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle pause',
+      run: () =>
+        updatePuzzleRunPause(
+          'run-puzzle-1',
+          { paused: true },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/puzzle/runs/run-puzzle-1/pause',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle prop',
+      run: () =>
+        usePuzzleRuntimeProp(
+          'run-puzzle-1',
+          { propKind: 'extendTime' },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/puzzle/runs/run-puzzle-1/props',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle-clear get run',
+      run: () =>
+        puzzleClearClient.getRun('puzzle-clear-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/puzzle-clear/runs/puzzle-clear-run-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'puzzle-clear swap',
+      run: () =>
+        puzzleClearClient.swapCards(
+          'puzzle-clear-run-1',
+          { fromRow: 0, fromCol: 0, toRow: 0, toCol: 1 },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/puzzle-clear/runs/puzzle-clear-run-1/swap',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle-clear retry',
+      run: () =>
+        puzzleClearClient.retryLevel('puzzle-clear-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl:
+        '/api/runtime/puzzle-clear/runs/puzzle-clear-run-1/retry-level',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle-clear next',
+      run: () =>
+        puzzleClearClient.advanceNextLevel('puzzle-clear-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl:
+        '/api/runtime/puzzle-clear/runs/puzzle-clear-run-1/next-level',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'puzzle-clear time up',
+      run: () =>
+        puzzleClearClient.markTimeUp('puzzle-clear-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/puzzle-clear/runs/puzzle-clear-run-1/time-up',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'square-hole get run',
+      run: () =>
+        getSquareHoleRun('square-hole-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/square-hole/runs/square-hole-run-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'square-hole drop',
+      run: () =>
+        dropSquareHoleShape(
+          'square-hole-run-1',
+          {
+            holeId: 'hole-1',
+            clientSnapshotVersion: 1,
+            clientEventId: 'event-1',
+            droppedAtMs: 1_700_000_000_000,
+          },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/square-hole/runs/square-hole-run-1/drop',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'square-hole stop',
+      run: () =>
+        stopSquareHoleRun(
+          'square-hole-run-1',
+          { clientActionId: 'stop-1' },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/square-hole/runs/square-hole-run-1/stop',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'square-hole restart',
+      run: () =>
+        restartSquareHoleRun('square-hole-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/square-hole/runs/square-hole-run-1/restart',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'square-hole time up',
+      run: () =>
+        finishSquareHoleTimeUp('square-hole-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/square-hole/runs/square-hole-run-1/time-up',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'big-fish get run',
+      run: () =>
+        getBigFishRun('big-fish-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/big-fish/runs/big-fish-run-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'big-fish input',
+      run: () =>
+        submitBigFishInput(
+          'big-fish-run-1',
+          { x: 0.25, y: 0.75 },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/big-fish/runs/big-fish-run-1/input',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'big-fish play report',
+      run: () =>
+        recordBigFishPlay(
+          'big-fish-session-1',
+          { elapsedMs: 1_000 },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl:
+        '/api/runtime/big-fish/sessions/big-fish-session-1/play',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'bark-battle config',
+      run: () =>
+        getBarkBattleRuntimeConfig('bark-battle-work-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl:
+        '/api/runtime/bark-battle/works/bark-battle-work-1/config',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'bark-battle finish',
+      run: () =>
+        finishBarkBattleRun(
+          'bark-battle-run-1',
+          {
+            runId: 'bark-battle-run-1',
+            runToken: 'run-token',
+            workId: 'bark-battle-work-1',
+            configVersion: 1,
+            rulesetVersion: 'v1',
+            difficultyPreset: 'normal',
+            clientStartedAt: '2026-06-10T00:00:00Z',
+            clientFinishedAt: '2026-06-10T00:00:10Z',
+            durationMs: 10_000,
+            derivedMetrics: {
+              triggerCount: 1,
+              maxVolume: 0.8,
+              averageVolume: 0.4,
+              finalEnergy: 10,
+              comboMax: 1,
+            },
+          },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/bark-battle/runs/bark-battle-run-1/finish',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'wooden-fish checkpoint',
+      run: () =>
+        checkpointWoodenFishRun(
+          'wooden-fish-run-1',
+          { totalTapCount: 8, wordCounters: [] },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl:
+        '/api/runtime/wooden-fish/runs/wooden-fish-run-1/checkpoint',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'wooden-fish finish',
+      run: () =>
+        finishWoodenFishRun(
+          'wooden-fish-run-1',
+          { totalTapCount: 8, wordCounters: [] },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/wooden-fish/runs/wooden-fish-run-1/finish',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'visual-novel get run',
+      run: () =>
+        getVisualNovelRun('visual-novel-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/visual-novel/runs/visual-novel-run-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'visual-novel history',
+      run: () =>
+        getVisualNovelHistory('visual-novel-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl:
+        '/api/runtime/visual-novel/runs/visual-novel-run-1/history',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'visual-novel regenerate',
+      run: () =>
+        regenerateVisualNovelRun(
+          'visual-novel-run-1',
+          { historyEntryId: 'history-1', clientEventId: 'event-1' },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl:
+        '/api/runtime/visual-novel/runs/visual-novel-run-1/regenerate',
+      expectedMethod: 'POST',
+    },
+  ])(
+    '$name uses the shared runtime guest bearer token without touching login auth',
+    async ({ run, expectedUrl, expectedMethod }) => {
+      await run();
+
+      expectRuntimeGuestRequest(expectedUrl, expectedMethod);
+    },
+  );
+
+  it.each([
+    {
+      name: 'get run',
+      run: () =>
+        getMatch3DRun('match3d-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/match3d/runs/match3d-run-1',
+      expectedMethod: 'GET',
+    },
+    {
+      name: 'restart',
+      run: () =>
+        restartMatch3DRun('match3d-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/match3d/runs/match3d-run-1/restart',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'stop',
+      run: () =>
+        stopMatch3DRun(
+          'match3d-run-1',
+          { clientActionId: 'stop-1' },
+          { runtimeGuestToken: 'runtime-guest-token' },
+        ),
+      expectedUrl: '/api/runtime/match3d/runs/match3d-run-1/stop',
+      expectedMethod: 'POST',
+    },
+    {
+      name: 'time up',
+      run: () =>
+        finishMatch3DTimeUp('match3d-run-1', {
+          runtimeGuestToken: 'runtime-guest-token',
+        }),
+      expectedUrl: '/api/runtime/match3d/runs/match3d-run-1/time-up',
+      expectedMethod: 'POST',
+    },
+  ])(
+    'match3d $name uses the runtime guest bearer token without touching login auth',
+    async ({ run, expectedUrl, expectedMethod }) => {
+      await run();
+
+      const [url, init, , options] = apiClientMocks.requestJson.mock.calls[0];
+      expect(url).toBe(expectedUrl);
+      expect(init).toEqual(
+        expect.objectContaining({
+          method: expectedMethod,
+          headers: expect.objectContaining({
+            Authorization: 'Bearer runtime-guest-token',
+          }),
+        }),
+      );
+      expect(options).toEqual(
+        expect.objectContaining({
+          skipAuth: true,
+          skipRefresh: true,
+        }),
+      );
+    },
+  );
+
+  it('match3d click uses the runtime guest bearer token without touching login auth', async () => {
+    apiClientMocks.requestJson.mockResolvedValueOnce({
+      confirmation: {
+        accepted: true,
+        run: {},
+        clearedItemInstanceIds: [],
+      },
+    });
+
+    await clickMatch3DItem(
+      'match3d-run-1',
+      {
+        runId: 'match3d-run-1',
+        itemInstanceId: 'item-1',
+        clientActionId: 'action-1',
+        clientEventId: 'event-1',
+        clickedAtMs: 1_700_000_000_000,
+        clientSnapshotVersion: 1,
+      },
+      { runtimeGuestToken: 'runtime-guest-token' },
+    );
+
+    const [url, init, , options] = apiClientMocks.requestJson.mock.calls[0];
+    expect(url).toBe('/api/runtime/match3d/runs/match3d-run-1/click');
+    expect(init).toEqual(
+      expect.objectContaining({
+        method: 'POST',
+        headers: expect.objectContaining({
+          Authorization: 'Bearer runtime-guest-token',
+        }),
+      }),
+    );
+    expect(options).toEqual(
+      expect.objectContaining({
+        skipAuth: true,
+        skipRefresh: true,
+      }),
+    );
+  });
 });
diff --git a/src/services/square-hole-runtime/squareHoleRuntimeClient.ts b/src/services/square-hole-runtime/squareHoleRuntimeClient.ts
index e26d7907..53173916 100644
--- a/src/services/square-hole-runtime/squareHoleRuntimeClient.ts
+++ b/src/services/square-hole-runtime/squareHoleRuntimeClient.ts
@@ -49,11 +49,15 @@ export function startSquareHoleRun(
 /**
  * 读取方洞挑战运行态快照。
  */
-export function getSquareHoleRun(runId: string) {
+export function getSquareHoleRun(
+  runId: string,
+  options: SquareHoleRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<SquareHoleRunResponse>({
     url: buildRuntimeApiPath(SQUARE_HOLE_RUNTIME_API_BASE, 'runs', runId),
     fallbackMessage: '读取方洞挑战运行快照失败',
     retry: SQUARE_HOLE_RUNTIME_READ_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -63,6 +67,7 @@ export function getSquareHoleRun(runId: string) {
 export function dropSquareHoleShape(
   runId: string,
   payload: DropSquareHoleShapeRequest,
+  options: SquareHoleRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<SquareHoleDropResponse>({
     url: buildRuntimeApiPath(
@@ -78,6 +83,7 @@ export function dropSquareHoleShape(
     },
     fallbackMessage: '确认方洞挑战投入失败',
     retry: SQUARE_HOLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -89,6 +95,7 @@ export function stopSquareHoleRun(
   payload: StopSquareHoleRunRequest = {
     clientActionId: `square-hole-stop-${Date.now()}`,
   },
+  options: SquareHoleRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<SquareHoleRunResponse>({
     url: buildRuntimeApiPath(SQUARE_HOLE_RUNTIME_API_BASE, 'runs', runId, 'stop'),
@@ -96,13 +103,17 @@ export function stopSquareHoleRun(
     jsonBody: payload,
     fallbackMessage: '停止方洞挑战失败',
     retry: SQUARE_HOLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
 /**
  * 基于当前 run 重开一局。
  */
-export function restartSquareHoleRun(runId: string) {
+export function restartSquareHoleRun(
+  runId: string,
+  options: SquareHoleRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<SquareHoleRunResponse>({
     url: buildRuntimeApiPath(
       SQUARE_HOLE_RUNTIME_API_BASE,
@@ -113,13 +124,17 @@ export function restartSquareHoleRun(runId: string) {
     method: 'POST',
     fallbackMessage: '重新开始方洞挑战失败',
     retry: SQUARE_HOLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
 /**
  * 前端倒计时归零后通知后端确认失败状态。
  */
-export function finishSquareHoleTimeUp(runId: string) {
+export function finishSquareHoleTimeUp(
+  runId: string,
+  options: SquareHoleRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<SquareHoleRunResponse>({
     url: buildRuntimeApiPath(
       SQUARE_HOLE_RUNTIME_API_BASE,
@@ -130,6 +145,7 @@ export function finishSquareHoleTimeUp(runId: string) {
     method: 'POST',
     fallbackMessage: '同步方洞挑战倒计时失败',
     retry: SQUARE_HOLE_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
diff --git a/src/services/visual-novel-runtime/visualNovelRuntimeClient.ts b/src/services/visual-novel-runtime/visualNovelRuntimeClient.ts
index 527d165b..b767baa9 100644
--- a/src/services/visual-novel-runtime/visualNovelRuntimeClient.ts
+++ b/src/services/visual-novel-runtime/visualNovelRuntimeClient.ts
@@ -135,15 +135,22 @@ export async function startVisualNovelRun(
   );
 }
 
-export async function getVisualNovelRun(runId: string) {
+export async function getVisualNovelRun(
+  runId: string,
+  options: VisualNovelRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<VisualNovelRunResponse>({
     url: buildRuntimeApiPath(VISUAL_NOVEL_RUNTIME_API_BASE, 'runs', runId),
     fallbackMessage: '读取视觉小说运行快照失败',
     retry: VISUAL_NOVEL_RUNTIME_READ_RETRY,
+    requestOptions: options,
   });
 }
 
-export async function getVisualNovelHistory(runId: string) {
+export async function getVisualNovelHistory(
+  runId: string,
+  options: VisualNovelRuntimeRequestOptions = {},
+) {
   return requestRuntimeJson<VisualNovelHistoryResponse>({
     url: buildRuntimeApiPath(
       VISUAL_NOVEL_RUNTIME_API_BASE,
@@ -153,6 +160,7 @@ export async function getVisualNovelHistory(runId: string) {
     ),
     fallbackMessage: '读取视觉小说历史失败',
     retry: VISUAL_NOVEL_RUNTIME_READ_RETRY,
+    requestOptions: options,
   });
 }
 
@@ -185,6 +193,7 @@ export async function streamVisualNovelRuntimeAction(
 export async function regenerateVisualNovelRun(
   runId: string,
   payload: VisualNovelRegenerateRequest,
+  options: VisualNovelRuntimeRequestOptions = {},
 ) {
   return requestRuntimeJson<VisualNovelRunResponse>({
     url: buildRuntimeApiPath(
@@ -197,6 +206,7 @@ export async function regenerateVisualNovelRun(
     jsonBody: payload,
     fallbackMessage: '重生成视觉小说历史失败',
     retry: VISUAL_NOVEL_RUNTIME_WRITE_RETRY,
+    requestOptions: options,
   });
 }
 
diff --git a/src/services/wooden-fish/woodenFishClient.test.ts b/src/services/wooden-fish/woodenFishClient.test.ts
index aea47b59..c6c961a1 100644
--- a/src/services/wooden-fish/woodenFishClient.test.ts
+++ b/src/services/wooden-fish/woodenFishClient.test.ts
@@ -55,6 +55,30 @@ test('wooden fish list works uses creation works endpoint', async () => {
   );
 });
 
+test('wooden fish runtime work detail reads public profile without auth refresh coupling', async () => {
+  const { woodenFishClient } = await import('./woodenFishClient');
+  requestJsonMock.mockResolvedValueOnce({
+    item: {
+      summary: {
+        profileId: 'profile-1',
+      },
+    },
+  });
+
+  await woodenFishClient.getWorkDetail('profile-1');
+
+  expect(requestJsonMock).toHaveBeenCalledWith(
+    '/api/runtime/wooden-fish/works/profile-1',
+    { method: 'GET' },
+    '读取敲木鱼作品详情失败',
+    expect.objectContaining({
+      retry: expect.objectContaining({ maxRetries: 1 }),
+      skipAuth: true,
+      skipRefresh: true,
+    }),
+  );
+});
+
 test('wooden fish start run uses runtime guest json skeleton', async () => {
   const { woodenFishClient } = await import('./woodenFishClient');
   requestJsonMock.mockResolvedValueOnce({ run: { runId: 'run-1' } });
diff --git a/src/services/wooden-fish/woodenFishClient.ts b/src/services/wooden-fish/woodenFishClient.ts
index 2a3832b5..0778ed08 100644
--- a/src/services/wooden-fish/woodenFishClient.ts
+++ b/src/services/wooden-fish/woodenFishClient.ts
@@ -17,7 +17,11 @@ import type {
   WoodenFishWorksResponse,
   WoodenFishWorkSummaryResponse,
 } from '../../../packages/shared/src/contracts/woodenFish';
-import { type ApiRetryOptions, requestJson } from '../apiClient';
+import {
+  type ApiRequestOptions,
+  type ApiRetryOptions,
+  requestJson,
+} from '../apiClient';
 import { createCreationAgentClient } from '../creation-agent';
 import { type RuntimeGuestRequestOptions } from '../runtimeGuestAuth';
 import { buildRuntimeApiPath, requestRuntimeJson } from '../runtimeRequest';
@@ -176,11 +180,19 @@ export function executeWoodenFishCreationAction(
     .then(normalizeWoodenFishActionResponse);
 }
 
-export async function getWoodenFishWorkDetail(profileId: string) {
+export async function getWoodenFishWorkDetail(
+  profileId: string,
+  options: ApiRequestOptions = {
+    retry: WOODEN_FISH_RUNTIME_READ_RETRY,
+    skipAuth: true,
+    skipRefresh: true,
+  },
+) {
   const response = await requestJson<WoodenFishWorkDetailResponse>(
     `${WOODEN_FISH_RUNTIME_API_BASE}/works/${encodeURIComponent(profileId)}`,
     { method: 'GET' },
     '读取敲木鱼作品详情失败',
+    options,
   );
   return normalizeWoodenFishWorkDetailResponse(response);
 }

From 077b139e80610cb0ce9e45408b2c1cec897bcb8e Mon Sep 17 00:00:00 2001
From: kdletters <61648117+kdletters@users.noreply.github.com>
Date: Thu, 11 Jun 2026 13:52:20 +0800
Subject: [PATCH 6/9] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=20SpacetimeDB=20?=
 =?UTF-8?q?=E8=BF=9E=E6=8E=A5=E6=B1=A0=E8=AF=B7=E6=B1=82=E5=8F=96=E6=B6=88?=
 =?UTF-8?q?=E5=90=8E=E6=A7=BD=E4=BD=8D=E6=B3=84=E6=BC=8F=E5=AF=BC=E8=87=B4?=
 =?UTF-8?q?=E6=B1=A0=E8=80=97=E5=B0=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- spacetime-client：PooledConnectionLease 增加 Drop 兜底，请求 future 被取消时也复位槽位并归还连接与 permit
- spacetime-client：槽位改为 AtomicBool 占用标记 + Mutex 连接存放，acquire 改为 CAS 抢占，删除可能永久空转的扫描循环
- spacetime-client：release_connection 与取消路径统一走租约 Drop 归还逻辑
- spacetime-client：新增 dropped_lease_releases_slot_and_permit 等单元测试复现并锁定该故障机制
- docs：新增 SpacetimeDB 连接池租约 Drop 兜底与取消安全文档记录根因、复现与验收
---
 ...timeDB连接池租约Drop兜底与取消安全-2026-06-11.md |  40 ++++
 server-rs/crates/spacetime-client/src/lib.rs  | 198 +++++++++++++-----
 2 files changed, 185 insertions(+), 53 deletions(-)
 create mode 100644 docs/【后端架构】SpacetimeDB连接池租约Drop兜底与取消安全-2026-06-11.md

diff --git a/docs/【后端架构】SpacetimeDB连接池租约Drop兜底与取消安全-2026-06-11.md b/docs/【后端架构】SpacetimeDB连接池租约Drop兜底与取消安全-2026-06-11.md
new file mode 100644
index 00000000..e72bec65
--- /dev/null
+++ b/docs/【后端架构】SpacetimeDB连接池租约Drop兜底与取消安全-2026-06-11.md
@@ -0,0 +1,40 @@
+# SpacetimeDB 连接池租约 Drop 兜底与取消安全
+
+- 日期：2026-06-11
+- 关联故障：release 环境 api-server 周期性全量 `spacetime_stage="pool_acquire" elapsed_ms=45000` 超时，`/readyz` 503（`reason=spacetime_unhealthy, stage=pool_acquire`），重启后临时恢复。
+- 涉及代码：`server-rs/crates/spacetime-client/src/lib.rs`
+
+## 故障根因
+
+修复前的连接池存在两个叠加缺陷：
+
+1. **租约没有 Drop 兜底**。`PooledConnectionLease` 只能通过显式 `release_connection` 归还。当 HTTP 请求方在等待 StDB 回包期间断开（前端超时、用户刷新、Nginx 截断），axum/hyper 会直接丢弃 handler future，租约被 Drop：permit 因 `OwnedSemaphorePermit` 自动归还，但槽位的 `in_use` 标记永远不会复位。
+2. **acquire 在槽位泄漏后永久空转**。后续请求拿到 permit 后进入 `loop { 扫描槽位; yield_now }`，找不到空闲槽位就无限自旋，且这段自旋不受 `procedure_timeout` 约束，自旋期间 permit 不归还。
+
+叠加效果：StDB 一旦变慢（请求占用连接接近 45 秒），客户端取消请求的概率大增，每次取消泄漏一个槽位并连带吞掉一个 permit；泄漏数量达到 `pool_size`（release 为 8）后，所有业务请求与健康检查全部在 `pool_acquire` 阶段 45 秒超时，服务表现为"连不上 StDB"，只有重启能恢复。
+
+## 本地复现
+
+不需要真实 SpacetimeDB，单元测试即可复现机制（位于 `spacetime-client` tests 模块）：
+
+- 修复前：将一个槽位置为 `in_use=true` 后调用 `acquire_connection_with_timeout(200ms)`，acquire 在 5 秒守护窗口内不返回（永久自旋），测试红。
+- `dropped_lease_releases_slot_and_permit`：模拟"请求被取消、租约未经 release 直接 Drop"，断言槽位与 permit 都被复位归还。
+- `acquire_times_out_at_pool_acquire_when_pool_is_busy`：池内 permit 全部被占用时，acquire 必须在超时窗口内返回 `PoolAcquire + Timeout`，不允许无限等待。
+
+## 修复方案
+
+1. `PooledConnectionSlot` 改为 `in_use: AtomicBool + connection: Mutex<Option<PooledConnection>>`，槽位占用标记不再依赖异步锁。
+2. `PooledConnectionLease` 持有 `Arc<SpacetimeConnectionPool>` 并实现 `Drop`：无论显式归还还是 future 被取消，统一在 Drop 中复位槽位、按 broken 状态决定连接是否回池，permit 随后自动归还。Drop 体先复位 `in_use` 再释放 permit（字段在 Drop 体之后析构），保证新请求拿到 permit 时必有空闲槽位。
+3. acquire 改为 CAS 抢占槽位：持有 permit 即保证并发持有者不超过 `pool_size`，扫描一轮必然命中空闲槽位，彻底删除自旋循环；建连失败直接返回错误，槽位由租约 Drop 复位。
+4. `release_connection` 退化为 `drop(lease)`，显式与隐式归还共用同一条兜底路径。
+
+## 验收
+
+- `cargo test -p spacetime-client --manifest-path server-rs/Cargo.toml --lib`（35 通过，含上述新测试）
+- `cargo test -p api-server --manifest-path server-rs/Cargo.toml readyz`（2 通过）
+- `cargo check -p api-server --manifest-path server-rs/Cargo.toml`
+
+## 运维提示
+
+- 此修复解决的是"取消导致的永久泄漏"。StDB 真慢时仍会出现成批 45 秒超时（连接被在途请求合法占用），那是容量/上游问题，应结合 `GENARRATIVE_SPACETIME_POOL_SIZE` 与 StDB 负载排查，不要再怀疑池泄漏。
+- 健康检查 `/readyz` 在池被在途请求占满时仍可能短暂 503（stage=pool_acquire），恢复后自动转好，无需重启。
diff --git a/server-rs/crates/spacetime-client/src/lib.rs b/server-rs/crates/spacetime-client/src/lib.rs
index 6b43db21..626b34d3 100644
--- a/server-rs/crates/spacetime-client/src/lib.rs
+++ b/server-rs/crates/spacetime-client/src/lib.rs
@@ -348,7 +348,7 @@ type ProcedureResultSender<T> =
 type ReducerResultSender = Arc<Mutex<Option<oneshot::Sender<Result<(), SpacetimeClientError>>>>>;
 
 struct SpacetimeConnectionPool {
-    slots: Vec<tokio::sync::Mutex<PooledConnectionSlot>>,
+    slots: Vec<PooledConnectionSlot>,
     permits: Arc<Semaphore>,
 }
 
@@ -371,8 +371,10 @@ impl SpacetimeStageError {
 }
 
 struct PooledConnectionSlot {
-    connection: Option<PooledConnection>,
-    in_use: bool,
+    // 槽位占用标记独立成原子量：抢占/复位不依赖锁，租约 Drop 兜底可以同步完成。
+    in_use: AtomicBool,
+    // in_use=true 的持有者独占本槽连接，正常情况下锁上不会有竞争。
+    connection: tokio::sync::Mutex<Option<PooledConnection>>,
 }
 
 struct PooledConnection {
@@ -385,9 +387,28 @@ struct PooledConnection {
 struct PooledConnectionLease {
     slot_index: usize,
     connection: Option<PooledConnection>,
+    pool: Arc<SpacetimeConnectionPool>,
     _permit: OwnedSemaphorePermit,
 }
 
+impl Drop for PooledConnectionLease {
+    // 租约 Drop 兜底：请求 future 被取消（如客户端断开导致 handler 被丢弃）时，
+    // 也必须归还连接并复位槽位，否则槽位会永久停留在 in_use 状态、连接池逐渐耗尽。
+    fn drop(&mut self) {
+        let slot = &self.pool.slots[self.slot_index];
+        if let Some(connection) = self.connection.take() {
+            if !connection.is_broken() {
+                if let Ok(mut slot_connection) = slot.connection.try_lock() {
+                    *slot_connection = Some(connection);
+                }
+                // try_lock 理论上不会失败（in_use 持有者独占）；万一失败只丢弃连接，不丢槽位。
+            }
+        }
+        slot.in_use.store(false, Ordering::Release);
+        // _permit 随 Drop 自动归还信号量。
+    }
+}
+
 impl SpacetimeClient {
     pub fn new(config: SpacetimeClientConfig) -> Self {
         let pool_size = config.pool_size.max(1) as usize;
@@ -400,11 +421,9 @@ impl SpacetimeClient {
             ..config
         };
         let slots = (0..pool_size)
-            .map(|_| {
-                tokio::sync::Mutex::new(PooledConnectionSlot {
-                    connection: None,
-                    in_use: false,
-                })
+            .map(|_| PooledConnectionSlot {
+                in_use: AtomicBool::new(false),
+                connection: tokio::sync::Mutex::new(None),
             })
             .collect::<Vec<_>>();
         let pool = Arc::new(SpacetimeConnectionPool {
@@ -678,42 +697,49 @@ impl SpacetimeClient {
                 )
             })?;
 
-        loop {
-            for (slot_index, slot) in self.pool.slots.iter().enumerate() {
-                if let Ok(mut slot_guard) = slot.try_lock() {
-                    if slot_guard.in_use {
-                        continue;
-                    }
-                    let reusable_connection = slot_guard
-                        .connection
-                        .take()
-                        .filter(|connection| !connection.is_broken());
-                    slot_guard.in_use = true;
-                    drop(slot_guard);
+        // 持有 permit 即保证最多 pool_size 个并发持有者，必然能抢到一个空闲槽位；
+        // CAS 抢占后立即构造租约，后续任何失败/取消都由租约 Drop 兜底复位槽位。
+        let slot_index = self
+            .pool
+            .slots
+            .iter()
+            .position(|slot| {
+                slot.in_use
+                    .compare_exchange(false, true, Ordering::AcqRel, Ordering::Acquire)
+                    .is_ok()
+            })
+            .ok_or_else(|| {
+                SpacetimeStageError::new(
+                    SpacetimeClientStage::PoolAcquire,
+                    SpacetimeClientError::Runtime(
+                        "SpacetimeDB 连接池 permit 与槽位状态不一致".to_string(),
+                    ),
+                )
+            })?;
 
-                    let connection = if let Some(connection) = reusable_connection {
-                        connection
-                    } else {
-                        match self.build_pooled_connection(operation_timeout).await {
-                            Ok(connection) => connection,
-                            Err(error) => {
-                                let mut slot_guard = self.pool.slots[slot_index].lock().await;
-                                slot_guard.in_use = false;
-                                return Err(error);
-                            }
-                        }
-                    };
+        let mut lease = PooledConnectionLease {
+            slot_index,
+            connection: None,
+            pool: self.pool.clone(),
+            _permit: permit,
+        };
 
-                    return Ok(PooledConnectionLease {
-                        slot_index,
-                        connection: Some(connection),
-                        _permit: permit,
-                    });
-                }
-            }
+        let reusable_connection = self.pool.slots[slot_index]
+            .connection
+            .lock()
+            .await
+            .take()
+            .filter(|connection| !connection.is_broken());
 
-            tokio::task::yield_now().await;
-        }
+        let connection = if let Some(connection) = reusable_connection {
+            connection
+        } else {
+            // 建连失败时直接返回错误，槽位与 permit 由 lease Drop 自动归还。
+            self.build_pooled_connection(operation_timeout).await?
+        };
+
+        lease.connection = Some(connection);
+        Ok(lease)
     }
 
     async fn build_pooled_connection(
@@ -911,18 +937,10 @@ impl SpacetimeClient {
         Ok(subscription)
     }
 
-    async fn release_connection(&self, mut lease: PooledConnectionLease) {
-        let mut slot_guard = self.pool.slots[lease.slot_index].lock().await;
-        slot_guard.in_use = false;
-        let Some(connection) = lease.connection.take() else {
-            slot_guard.connection = None;
-            return;
-        };
-        if connection.is_broken() {
-            slot_guard.connection = None;
-        } else {
-            slot_guard.connection = Some(connection);
-        }
+    async fn release_connection(&self, lease: PooledConnectionLease) {
+        // 显式归还与“请求被取消”的隐式归还共用同一套租约 Drop 兜底逻辑，
+        // 保证任何路径下槽位与 permit 都会复位，连接池不会被慢慢泄漏占满。
+        drop(lease);
     }
 
     // 超时后必须统一归还租约；若连接已先一步断开则回传断线，否则标记坏连接并回传超时。
@@ -1127,4 +1145,78 @@ mod tests {
             SpacetimeClientError::Runtime(_)
         ));
     }
+
+    fn test_client(pool_size: u32, procedure_timeout: Duration) -> SpacetimeClient {
+        SpacetimeClient::new(SpacetimeClientConfig {
+            // 指向本机不可达端口：测试只验证连接池行为，不需要真实 SpacetimeDB。
+            server_url: "http://127.0.0.1:9".to_string(),
+            database: "pool-test".to_string(),
+            token: None,
+            pool_size,
+            procedure_timeout,
+        })
+    }
+
+    /// 复现线上故障机制：修复前请求 future 被取消时租约不会归还，槽位永久停留在 in_use，
+    /// 后续 acquire 拿着 permit 空转挂死。修复后租约 Drop 必须同时复位槽位与 permit。
+    #[tokio::test]
+    async fn dropped_lease_releases_slot_and_permit() {
+        let client = test_client(1, Duration::from_millis(200));
+        let permit = client
+            .pool
+            .permits
+            .clone()
+            .acquire_owned()
+            .await
+            .expect("permit should acquire");
+        client.pool.slots[0].in_use.store(true, Ordering::SeqCst);
+        assert_eq!(client.pool.permits.available_permits(), 0);
+
+        // 模拟请求被取消：租约未经过 release_connection 直接被 Drop。
+        let lease = PooledConnectionLease {
+            slot_index: 0,
+            connection: None,
+            pool: client.pool.clone(),
+            _permit: permit,
+        };
+        drop(lease);
+
+        assert!(
+            !client.pool.slots[0].in_use.load(Ordering::SeqCst),
+            "租约 Drop 后槽位必须复位，否则连接池会被泄漏占满"
+        );
+        assert_eq!(
+            client.pool.permits.available_permits(),
+            1,
+            "租约 Drop 后 permit 必须归还"
+        );
+    }
+
+    /// 池内 permit 全部被占用（持续在途请求）时，acquire 必须在超时窗口内返回
+    /// pool_acquire 超时，而不是无限等待。
+    #[tokio::test]
+    async fn acquire_times_out_at_pool_acquire_when_pool_is_busy() {
+        let client = test_client(1, Duration::from_millis(200));
+        let _held_permit = client
+            .pool
+            .permits
+            .clone()
+            .acquire_owned()
+            .await
+            .expect("permit should acquire");
+
+        let result = tokio::time::timeout(
+            Duration::from_secs(5),
+            client.acquire_connection_with_timeout(Duration::from_millis(200)),
+        )
+        .await
+        .expect("acquire 必须在超时窗口内返回，而不是空转挂死");
+
+        let error = match result {
+            Ok(_) => panic!("池占满时应返回 pool_acquire 超时"),
+            Err(error) => error,
+        };
+        assert_eq!(error.stage, SpacetimeClientStage::PoolAcquire);
+        assert!(matches!(error.error, SpacetimeClientError::Timeout));
+    }
 }

From 86ea69f79dcad63d09c280931a276827866f7aed Mon Sep 17 00:00:00 2001
From: kdletters <61648117+kdletters@users.noreply.github.com>
Date: Thu, 11 Jun 2026 13:56:59 +0800
Subject: [PATCH 7/9] =?UTF-8?q?=E8=AE=B0=E5=BD=95=20SpacetimeDB=20?=
 =?UTF-8?q?=E8=BF=9E=E6=8E=A5=E6=B1=A0=E7=A7=9F=E7=BA=A6=20Drop=20?=
 =?UTF-8?q?=E5=85=9C=E5=BA=95=E6=8E=92=E9=9A=9C=E7=BB=8F=E9=AA=8C=E5=88=B0?=
 =?UTF-8?q?=E5=9B=A2=E9=98=9F=E5=85=B1=E4=BA=AB=E8=AE=B0=E5=BF=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- .hermes/shared-memory/pitfalls.md：新增连接池槽位泄漏与 acquire 无界自旋的现象、根因、处理与验证条目
---
 .hermes/shared-memory/pitfalls.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.hermes/shared-memory/pitfalls.md b/.hermes/shared-memory/pitfalls.md
index a1b78cf4..c2e411de 100644
--- a/.hermes/shared-memory/pitfalls.md
+++ b/.hermes/shared-memory/pitfalls.md
@@ -2190,3 +2190,11 @@
 - 待处理：将跳一跳生成改为后端任务化 / 可轮询真实阶段进度，按背景、返回按钮、图集、切片、持久化、写草稿分阶段落库；统一后端全局生成 deadline、VectorEngine 重试预算、前端等待窗口和失败态回写。超时后再次进入同一 session 应优先恢复正在运行或已完成的任务，不应重复生图。
 - 验证：模拟首张 image2 超长耗时或超时重试时，生成页应显示真实阶段和可恢复状态；前端请求超时不应把最终成功草稿标记为失败；刷新 `/creation/jump-hop/generating?sessionId=<id>` 后应能恢复到后端真实状态；同一 session 重试不得重复生成已完成阶段。
 - 关联：`src/services/jump-hop/jumpHopClient.ts`、`src/services/miniGameDraftGenerationProgress.ts`、`server-rs/crates/api-server/src/jump_hop.rs`、`server-rs/crates/platform-image/src/vector_engine/client.rs`、`docs/【玩法创作】平台入口与玩法链路-2026-05-15.md`。
+
+## SpacetimeDB 连接池租约必须有 Drop 兜底，acquire 不允许无界自旋
+
+- 现象：release 上 api-server 周期性出现全量 `spacetime_stage="pool_acquire" elapsed_ms=45000` 业务超时，`/readyz` 503（`reason=spacetime_unhealthy, stage=pool_acquire`），`/healthz` 仍 200，只有重启能恢复，过若干小时复发。
+- 原因：旧 `PooledConnectionLease` 只能显式 `release_connection` 归还；HTTP 请求方在等待 StDB 回包期间断开时 handler future 被取消，permit 自动归还但槽位 `in_use` 永不复位。后续 acquire 在拿到 permit 后进入无界 `loop + yield_now` 扫描空闲槽位，泄漏积累到 pool_size 后整池挂死。
+- 处理：租约持有 `Arc<SpacetimeConnectionPool>` 并实现 `Drop` 统一复位槽位/归还连接；槽位改 `AtomicBool` CAS 抢占，删除自旋循环（持有 permit 必然命中空闲槽位）。任何新的"显式归还"资源在 async 取消语义下都要先想 Drop 兜底。
+- 验证：`cargo test -p spacetime-client --manifest-path server-rs/Cargo.toml --lib`（`dropped_lease_releases_slot_and_permit`、`acquire_times_out_at_pool_acquire_when_pool_is_busy`）。
+- 关联：`server-rs/crates/spacetime-client/src/lib.rs`、`docs/【后端架构】SpacetimeDB连接池租约Drop兜底与取消安全-2026-06-11.md`。

From f8a80cd795e84b3cab18a7764396fc298d4e9e0c Mon Sep 17 00:00:00 2001
From: kdletters <kdletters@qq.com>
Date: Thu, 11 Jun 2026 15:55:23 +0800
Subject: [PATCH 8/9] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=B5=84=E4=BA=A7?=
 =?UTF-8?q?=E8=AE=A1=E8=B4=B9=E8=BE=B9=E7=95=8C=E9=A3=8E=E9=99=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

资产生成预扣费改为 fail-closed，避免钱包异常时继续调用外部生成

新增钱包退款 outbox，退款失败时本地落盘并后台重放

拼图首图后台任务改用 SpacetimeDB claim 表实现跨实例互斥

计费 ledger id 统一绑定 request_id，并让前端重试复用 x-request-id

同步 SpacetimeDB bindings、后端架构文档和 Hermes 决策记录
---
 .hermes/shared-memory/decision-log.md         |   8 +
 ...�】server-rs与SpacetimeDB数据契约-2026-05-15.md |  10 +
 .../crates/api-server/src/asset_billing.rs    |  81 ++-
 .../crates/api-server/src/bark_battle.rs      |   3 +-
 server-rs/crates/api-server/src/big_fish.rs   |   2 +-
 server-rs/crates/api-server/src/config.rs     |  60 +++
 .../crates/api-server/src/custom_world_ai.rs  |   9 +-
 server-rs/crates/api-server/src/main.rs       |  68 ++-
 server-rs/crates/api-server/src/match3d.rs    |  14 +-
 .../crates/api-server/src/match3d/draft.rs    |  16 +-
 .../crates/api-server/src/match3d/handlers.rs |  15 +-
 .../api-server/src/match3d/item_assets.rs     |   8 -
 server-rs/crates/api-server/src/puzzle.rs     |  80 +--
 .../crates/api-server/src/puzzle/handlers.rs  | 325 ++++++------
 server-rs/crates/api-server/src/state.rs      |   9 +
 .../api-server/src/wallet_refund_outbox.rs    | 463 ++++++++++++++++++
 .../crates/module-puzzle/src/application.rs   |   8 +
 .../crates/module-puzzle/src/commands.rs      |  19 +
 server-rs/crates/spacetime-client/src/lib.rs  |   3 +-
 .../crates/spacetime-client/src/mapper.rs     |  11 +-
 .../spacetime-client/src/mapper/puzzle.rs     |  27 +
 .../spacetime-client/src/module_bindings.rs   |  40 ++
 ...uzzle_background_compile_task_procedure.rs |  59 +++
 ...ackground_compile_task_claim_input_type.rs |  19 +
 ...ound_compile_task_procedure_result_type.rs |  17 +
 ...kground_compile_task_release_input_type.rs |  18 +
 ...puzzle_background_compile_task_row_type.rs |  66 +++
 .../puzzle_background_compile_task_table.rs   | 169 +++++++
 ...uzzle_background_compile_task_procedure.rs |  62 +++
 .../crates/spacetime-client/src/puzzle.rs     |  63 +++
 .../crates/spacetime-module/src/migration.rs  |   5 +-
 .../crates/spacetime-module/src/puzzle.rs     | 159 +++++-
 src/services/apiClient.test.ts                |   5 +
 src/services/apiClient.ts                     |  21 +
 34 files changed, 1678 insertions(+), 264 deletions(-)
 create mode 100644 server-rs/crates/api-server/src/wallet_refund_outbox.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/claim_puzzle_background_compile_task_procedure.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_claim_input_type.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_procedure_result_type.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_release_input_type.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_row_type.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_table.rs
 create mode 100644 server-rs/crates/spacetime-client/src/module_bindings/release_puzzle_background_compile_task_procedure.rs

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index 2044455f..dacfd637 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -1728,3 +1728,11 @@
 - 影响范围：`shared-contracts` 默认 spec、`module-runtime` 入口配置响应、`spacetime-module` 后台保存校验、后台入口开关页摘要和前端 fallback spec。
 - 验证方式：`GET /api/creation-entry/config` 中各玩法 `unifiedCreationSpec.title` 等于已保存契约内容；后台只修改入口名称时不应隐式改写已保存的统一创作页表头。
 - 关联文档：`docs/【玩法创作】平台入口与玩法链路-2026-05-15.md`。
+
+## 2026-06-11 资产计费边界改为 fail-closed 并补偿退款
+
+- 背景：图片 / 资产生成入口曾在钱包或 SpacetimeDB 预扣费连通性异常时允许继续生成，且失败后同步退款如果遇到 SpacetimeDB 短暂不可用缺少本地补偿；拼图首图后台任务还使用 api-server 进程内 HashSet 互斥，多实例下不能防重复。
+- 决策：暂不实现 token 限流。所有资产生成预扣费改为 fail-closed，预扣费失败直接返回错误；支持 retry 的计费 ledger id 统一包含 HTTP `request_id`，前端静默刷新重试复用同一个 `x-request-id`。生成失败后的退款先同步调用 SpacetimeDB，失败则写入 `wallet-refund-outbox` 本地文件并由后台 worker 重放。拼图首图后台生成互斥改为 SpacetimeDB `puzzle_background_compile_task` 表，使用 `task_id + request_id` 作为 claim id，释放时校验 claim id，避免旧任务误删新租约。
+- 影响范围：`api-server` 资产计费包裹、钱包退款补偿、拼图首图后台生成、`spacetime-module` 拼图 task 表、`spacetime-client` bindings/facade、前端 API request id 复用和后端架构文档。
+- 验证方式：`npm run spacetime:generate`、`npm run check:spacetime-schema`、`npm run check:spacetime-runtime-access`、`node scripts/check-server-rs-ddd-boundaries.mjs`、`cargo check -p api-server --manifest-path server-rs/Cargo.toml`、`cargo test -p api-server --manifest-path server-rs/Cargo.toml wallet_refund_outbox`、`cargo test -p api-server --manifest-path server-rs/Cargo.toml asset_operation`、`npm run test -- src/services/apiClient.test.ts`、`npm run check:encoding`。
+- 关联文档：`docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md`。
diff --git a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
index 82249ceb..b5d01d81 100644
--- a/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
+++ b/docs/【后端架构】server-rs与SpacetimeDB数据契约-2026-05-15.md
@@ -190,6 +190,10 @@ npm run check:server-rs-ddd
 1. `creation_entry_type_config.unified_creation_spec_json` 内的 `mudPointCost` 是玩法新建草稿初始生成的泥点成本真相源，同时供入口卡展示和前端余额前置校验使用；旧契约缺失时允许按代码默认成本兜底。
 2. `api-server` 执行拼图首图生成、抓大鹅完整草稿生成和汪汪声浪初始三图生成时，必须通过 `GET /api/creation-entry/config` 同源配置解析对应玩法成本后再调用钱包扣费 procedure，不得继续使用前端或后端硬编码常量作为实际扣费真相。
 3. 结果页单图重生成、发布、道具使用和其它独立资产操作仍按各自业务操作成本执行；不要把初始草稿成本误套到这些单次操作上。
+4. 资产操作的预扣费必须 fail-closed：钱包或 SpacetimeDB 预扣费不可达、超时或返回业务错误时，`api-server` 直接返回错误，不允许继续调用图片、音频、GLB 等外部生成 provider。
+5. 需要支持 HTTP retry 的计费 ledger id 必须包含当前请求的 `request_id`；前端 `fetchWithApiAuth` 同一次业务请求的静默刷新重试复用同一个 `x-request-id`，后端不得再使用 prompt 指纹或随机 asset id 作为扣费幂等键。
+6. 外部生成已预扣费但后续失败时必须先同步调用钱包退款；若 SpacetimeDB 暂不可用，退款请求写入 `wallet-refund-outbox` 本地文件并由后台 worker 重放。默认启用，配置项为 `GENARRATIVE_WALLET_REFUND_OUTBOX_ENABLED`、`GENARRATIVE_WALLET_REFUND_OUTBOX_DIR`、`GENARRATIVE_WALLET_REFUND_OUTBOX_BATCH_SIZE`、`GENARRATIVE_WALLET_REFUND_OUTBOX_FLUSH_INTERVAL_MS` 和 `GENARRATIVE_WALLET_REFUND_OUTBOX_MAX_BYTES`。outbox 文件按 refund ledger id 幂等落盘；成功重放后删除，坏文件隔离为 `corrupt-*`。
+7. 拼图首图后台生成的跨实例互斥锁必须落在 SpacetimeDB `puzzle_background_compile_task` 表，claim id 由 `task_id + request_id` 构成，释放时必须校验 claim id，避免旧后台任务释放新请求抢到的租约。
 
 ## 外部服务与资产
 
@@ -640,6 +644,12 @@ npm run check:server-rs-ddd
 - Rust 结构体：`PuzzleAgentSessionRow`
 - 源码：`server-rs/crates/spacetime-module/src/puzzle.rs`
 
+### `puzzle_background_compile_task`
+
+- Rust 结构体：`PuzzleBackgroundCompileTaskRow`
+- 源码：`server-rs/crates/spacetime-module/src/puzzle.rs`
+- 说明：拼图首图后台生成的跨 api-server 实例互斥 claim 表，只保存活动任务租约，不表达最终生成结果；`task_id` 为主键，`claim_id` 用于释放时防止误删新租约，租约超时时间为 30 分钟。
+
 ### `puzzle_event`
 
 - Rust 结构体：`PuzzleEvent`
diff --git a/server-rs/crates/api-server/src/asset_billing.rs b/server-rs/crates/api-server/src/asset_billing.rs
index 613ce234..c6430554 100644
--- a/server-rs/crates/api-server/src/asset_billing.rs
+++ b/server-rs/crates/api-server/src/asset_billing.rs
@@ -4,7 +4,11 @@ use axum::http::StatusCode;
 use serde_json::json;
 use spacetime_client::SpacetimeClientError;
 
-use crate::{http_error::AppError, state::AppState};
+use crate::{
+    http_error::AppError,
+    state::AppState,
+    wallet_refund_outbox::{WalletRefundOutboxEnqueueOutcome, WalletRefundOutboxRecord},
+};
 
 pub(crate) const ASSET_OPERATION_POINTS_COST: u64 = 1;
 
@@ -90,22 +94,11 @@ async fn consume_asset_operation_points(
         .await
     {
         Ok(_) => Ok(true),
-        Err(error) if should_skip_asset_operation_billing_for_connectivity(&error) => {
-            // 中文注释：外部生图不应被 Maincloud 钱包短暂 503 阻断；此时跳过扣费，让业务链路继续，避免用户重复点击。
-            tracing::warn!(
-                owner_user_id,
-                asset_kind,
-                asset_id,
-                error = %error,
-                "资产操作泥点预扣因 SpacetimeDB 连接不可用而降级跳过"
-            );
-            Ok(false)
-        }
         Err(error) => Err(map_asset_operation_wallet_error(error)),
     }
 }
 
-/// 外部生成或发布 mutation 失败后补偿退款；退款失败只记日志，避免覆盖原始业务错误。
+/// 外部生成或发布 mutation 失败后补偿退款；立即退款失败会进入 outbox，避免覆盖原始业务错误。
 async fn refund_asset_operation_points(
     state: &AppState,
     owner_user_id: &str,
@@ -117,22 +110,74 @@ async fn refund_asset_operation_points(
         "asset_operation_refund:{}:{}:{}",
         owner_user_id, asset_kind, asset_id
     );
+    let created_at_micros = current_utc_micros();
     if let Err(error) = state
         .spacetime_client()
         .refund_profile_wallet_points(
             owner_user_id.to_string(),
             points_cost,
-            ledger_id,
-            current_utc_micros(),
+            ledger_id.clone(),
+            created_at_micros,
         )
         .await
     {
+        let refund_error = error.to_string();
+        if let Some(outbox) = state.wallet_refund_outbox() {
+            match outbox
+                .enqueue(WalletRefundOutboxRecord {
+                    owner_user_id: owner_user_id.to_string(),
+                    amount: points_cost,
+                    ledger_id: ledger_id.clone(),
+                    created_at_micros,
+                    asset_kind: asset_kind.to_string(),
+                    asset_id: asset_id.to_string(),
+                })
+                .await
+            {
+                Ok(WalletRefundOutboxEnqueueOutcome::Enqueued) => {
+                    tracing::warn!(
+                        owner_user_id,
+                        asset_kind,
+                        asset_id,
+                        ledger_id,
+                        error = %refund_error,
+                        "资产操作失败后的泥点退款立即执行失败，已写入 wallet refund outbox"
+                    );
+                    return;
+                }
+                Ok(WalletRefundOutboxEnqueueOutcome::Dropped { reason }) => {
+                    tracing::error!(
+                        owner_user_id,
+                        asset_kind,
+                        asset_id,
+                        ledger_id,
+                        reason,
+                        error = %refund_error,
+                        "资产操作失败后的泥点退款立即执行失败，且 wallet refund outbox 因容量限制丢弃"
+                    );
+                    return;
+                }
+                Err(outbox_error) => {
+                    tracing::error!(
+                        owner_user_id,
+                        asset_kind,
+                        asset_id,
+                        ledger_id,
+                        refund_error = %refund_error,
+                        outbox_error = %outbox_error,
+                        "资产操作失败后的泥点退款立即执行失败，且写入 wallet refund outbox 失败"
+                    );
+                    return;
+                }
+            }
+        }
         tracing::error!(
             owner_user_id,
             asset_kind,
             asset_id,
-            error = %error,
-            "资产操作失败后的泥点退款失败"
+            ledger_id,
+            error = %refund_error,
+            "资产操作失败后的泥点退款失败，且 wallet refund outbox 未启用"
         );
     }
 }
@@ -185,7 +230,7 @@ mod tests {
     use super::*;
 
     #[test]
-    fn asset_operation_billing_skips_spacetime_connectivity_errors() {
+    fn asset_operation_connectivity_errors_are_classified_for_non_billing_fallbacks() {
         assert_eq!(ASSET_OPERATION_POINTS_COST, 1);
         assert!(should_skip_asset_operation_billing_for_connectivity(
             &SpacetimeClientError::ConnectDropped
diff --git a/server-rs/crates/api-server/src/bark_battle.rs b/server-rs/crates/api-server/src/bark_battle.rs
index fa33c9ee..51f775ce 100644
--- a/server-rs/crates/api-server/src/bark_battle.rs
+++ b/server-rs/crates/api-server/src/bark_battle.rs
@@ -306,11 +306,12 @@ pub async fn generate_bark_battle_image_asset(
         .filter(|value| !value.is_empty())
         .map(ToString::to_string);
     let points_cost = resolve_bark_battle_image_asset_points_cost(&state, &payload).await;
+    let billing_asset_id = request_context.request_id().to_string();
     let result = execute_billable_asset_operation_with_cost(
         &state,
         &owner_user_id,
         bark_battle_slot_asset_kind(&slot),
-        asset_id.as_str(),
+        billing_asset_id.as_str(),
         points_cost,
         async {
             generate_and_persist_bark_battle_image_asset(
diff --git a/server-rs/crates/api-server/src/big_fish.rs b/server-rs/crates/api-server/src/big_fish.rs
index 1fc8636a..e8969117 100644
--- a/server-rs/crates/api-server/src/big_fish.rs
+++ b/server-rs/crates/api-server/src/big_fish.rs
@@ -722,7 +722,7 @@ pub async fn execute_big_fish_action(
         "big_fish_publish_game" => Some("big_fish_publish_game"),
         _ => None,
     };
-    let billing_asset_id = format!("{session_id}:{now}");
+    let billing_asset_id = format!("{}:{}:{}", session_id, action, request_context.request_id());
     let session_operation = async {
         match action.as_str() {
             "big_fish_compile_draft" => {
diff --git a/server-rs/crates/api-server/src/config.rs b/server-rs/crates/api-server/src/config.rs
index 3ca4a2a6..b23bb782 100644
--- a/server-rs/crates/api-server/src/config.rs
+++ b/server-rs/crates/api-server/src/config.rs
@@ -32,6 +32,11 @@ pub struct AppConfig {
     pub tracking_outbox_batch_size: usize,
     pub tracking_outbox_flush_interval: Duration,
     pub tracking_outbox_max_bytes: u64,
+    pub wallet_refund_outbox_enabled: bool,
+    pub wallet_refund_outbox_dir: PathBuf,
+    pub wallet_refund_outbox_batch_size: usize,
+    pub wallet_refund_outbox_flush_interval: Duration,
+    pub wallet_refund_outbox_max_bytes: u64,
     pub log_filter: String,
     pub otel_enabled: bool,
     pub admin_username: Option<String>,
@@ -183,6 +188,11 @@ impl Default for AppConfig {
             tracking_outbox_batch_size: 500,
             tracking_outbox_flush_interval: Duration::from_millis(1_000),
             tracking_outbox_max_bytes: 256 * 1024 * 1024,
+            wallet_refund_outbox_enabled: true,
+            wallet_refund_outbox_dir: PathBuf::from("server-rs/.data/wallet-refund-outbox"),
+            wallet_refund_outbox_batch_size: 100,
+            wallet_refund_outbox_flush_interval: Duration::from_millis(1_000),
+            wallet_refund_outbox_max_bytes: 64 * 1024 * 1024,
             log_filter: "info,tower_http=info".to_string(),
             otel_enabled: false,
             admin_username: None,
@@ -409,6 +419,27 @@ impl AppConfig {
         {
             config.tracking_outbox_max_bytes = max_bytes;
         }
+        if let Some(enabled) = read_first_bool_env(&["GENARRATIVE_WALLET_REFUND_OUTBOX_ENABLED"]) {
+            config.wallet_refund_outbox_enabled = enabled;
+        }
+        if let Some(dir) = read_first_non_empty_env(&["GENARRATIVE_WALLET_REFUND_OUTBOX_DIR"]) {
+            config.wallet_refund_outbox_dir = PathBuf::from(dir);
+        }
+        if let Some(batch_size) =
+            read_first_usize_env(&["GENARRATIVE_WALLET_REFUND_OUTBOX_BATCH_SIZE"])
+        {
+            config.wallet_refund_outbox_batch_size = batch_size;
+        }
+        if let Some(flush_interval_ms) =
+            read_first_positive_u64_env(&["GENARRATIVE_WALLET_REFUND_OUTBOX_FLUSH_INTERVAL_MS"])
+        {
+            config.wallet_refund_outbox_flush_interval = Duration::from_millis(flush_interval_ms);
+        }
+        if let Some(max_bytes) =
+            read_first_positive_u64_env(&["GENARRATIVE_WALLET_REFUND_OUTBOX_MAX_BYTES"])
+        {
+            config.wallet_refund_outbox_max_bytes = max_bytes;
+        }
         if let Some(otel_enabled) = read_first_bool_env(&["GENARRATIVE_OTEL_ENABLED"]) {
             config.otel_enabled = otel_enabled;
         }
@@ -1380,6 +1411,11 @@ mod tests {
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_BATCH_SIZE");
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_FLUSH_INTERVAL_MS");
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_MAX_BYTES");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_ENABLED");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_DIR");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_BATCH_SIZE");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_FLUSH_INTERVAL_MS");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_MAX_BYTES");
             std::env::remove_var("GENARRATIVE_OTEL_ENABLED");
             std::env::set_var("GENARRATIVE_API_LISTEN_BACKLOG", "2048");
             std::env::set_var("GENARRATIVE_API_WORKER_THREADS", "6");
@@ -1396,6 +1432,14 @@ mod tests {
             std::env::set_var("GENARRATIVE_TRACKING_OUTBOX_BATCH_SIZE", "250");
             std::env::set_var("GENARRATIVE_TRACKING_OUTBOX_FLUSH_INTERVAL_MS", "2000");
             std::env::set_var("GENARRATIVE_TRACKING_OUTBOX_MAX_BYTES", "1048576");
+            std::env::set_var("GENARRATIVE_WALLET_REFUND_OUTBOX_ENABLED", "false");
+            std::env::set_var(
+                "GENARRATIVE_WALLET_REFUND_OUTBOX_DIR",
+                "/tmp/genarrative-wallet-refund-outbox",
+            );
+            std::env::set_var("GENARRATIVE_WALLET_REFUND_OUTBOX_BATCH_SIZE", "50");
+            std::env::set_var("GENARRATIVE_WALLET_REFUND_OUTBOX_FLUSH_INTERVAL_MS", "3000");
+            std::env::set_var("GENARRATIVE_WALLET_REFUND_OUTBOX_MAX_BYTES", "524288");
             std::env::set_var("GENARRATIVE_OTEL_ENABLED", "true");
         }
 
@@ -1421,6 +1465,17 @@ mod tests {
             std::time::Duration::from_millis(2_000)
         );
         assert_eq!(config.tracking_outbox_max_bytes, 1_048_576);
+        assert!(!config.wallet_refund_outbox_enabled);
+        assert_eq!(
+            config.wallet_refund_outbox_dir,
+            std::path::PathBuf::from("/tmp/genarrative-wallet-refund-outbox")
+        );
+        assert_eq!(config.wallet_refund_outbox_batch_size, 50);
+        assert_eq!(
+            config.wallet_refund_outbox_flush_interval,
+            std::time::Duration::from_millis(3_000)
+        );
+        assert_eq!(config.wallet_refund_outbox_max_bytes, 524_288);
         assert!(config.otel_enabled);
 
         unsafe {
@@ -1436,6 +1491,11 @@ mod tests {
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_BATCH_SIZE");
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_FLUSH_INTERVAL_MS");
             std::env::remove_var("GENARRATIVE_TRACKING_OUTBOX_MAX_BYTES");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_ENABLED");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_DIR");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_BATCH_SIZE");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_FLUSH_INTERVAL_MS");
+            std::env::remove_var("GENARRATIVE_WALLET_REFUND_OUTBOX_MAX_BYTES");
             std::env::remove_var("GENARRATIVE_OTEL_ENABLED");
         }
     }
diff --git a/server-rs/crates/api-server/src/custom_world_ai.rs b/server-rs/crates/api-server/src/custom_world_ai.rs
index d235f028..be751aa4 100644
--- a/server-rs/crates/api-server/src/custom_world_ai.rs
+++ b/server-rs/crates/api-server/src/custom_world_ai.rs
@@ -547,11 +547,12 @@ pub async fn generate_custom_world_scene_image(
     require_openai_image_settings(&state)
         .map_err(|error| custom_world_ai_error_response(&request_context, error))?;
     let asset_id = format!("custom-scene-{}", current_utc_millis());
+    let billing_asset_id = request_context.request_id().to_string();
     let asset = execute_billable_asset_operation(
         &state,
         &owner_user_id,
         "scene_image",
-        asset_id.as_str(),
+        billing_asset_id.as_str(),
         async {
             let settings = require_openai_image_settings(&state)?.with_external_api_audit_context(
                 &request_context,
@@ -806,11 +807,12 @@ pub async fn generate_custom_world_cover_image(
     require_dashscope_settings(&state)
         .map_err(|error| custom_world_ai_error_response(&request_context, error))?;
     let asset_id = format!("custom-cover-{}", current_utc_millis());
+    let billing_asset_id = request_context.request_id().to_string();
     let asset = execute_billable_asset_operation(
         &state,
         &owner_user_id,
         "custom_world_cover",
-        asset_id.as_str(),
+        billing_asset_id.as_str(),
         async {
             let settings = require_dashscope_settings(&state)?;
             let http_client = build_dashscope_http_client(&settings)?;
@@ -1011,11 +1013,12 @@ pub async fn generate_custom_world_opening_cg(
         .map_err(|error| custom_world_ai_error_response(&request_context, error))?;
 
     let opening_cg_id = normalized.opening_cg_id.clone();
+    let billing_asset_id = request_context.request_id().to_string();
     let generated = execute_billable_asset_operation_with_cost(
         &state,
         &owner_user_id,
         "custom_world_opening_cg",
-        opening_cg_id.as_str(),
+        billing_asset_id.as_str(),
         OPENING_CG_POINTS_COST,
         async {
             let image_settings = require_openai_image_settings(&state)?
diff --git a/server-rs/crates/api-server/src/main.rs b/server-rs/crates/api-server/src/main.rs
index 1867c754..3b7d8e8c 100644
--- a/server-rs/crates/api-server/src/main.rs
+++ b/server-rs/crates/api-server/src/main.rs
@@ -89,6 +89,7 @@ mod tracking_outbox;
 mod vector_engine_audio_generation;
 mod visual_novel;
 mod volcengine_speech;
+mod wallet_refund_outbox;
 mod wechat;
 mod wooden_fish;
 mod work_author;
@@ -115,6 +116,7 @@ use crate::{
     config::AppConfig,
     state::{AppState, AppStateInitError},
     tracking_outbox::TrackingOutbox,
+    wallet_refund_outbox::WalletRefundOutbox,
 };
 
 const API_SERVER_STARTUP_STACK_SIZE_BYTES: usize = 32 * 1024 * 1024;
@@ -125,6 +127,7 @@ const AUTH_STORE_STARTUP_RETRY_INTERVAL: Duration = Duration::from_secs(5);
 struct ShutdownContext {
     app_state: Option<AppState>,
     tracking_outbox: Option<Arc<TrackingOutbox>>,
+    wallet_refund_outbox: Option<Arc<WalletRefundOutbox>>,
     outbox_flush_timeout: Duration,
 }
 
@@ -178,11 +181,16 @@ async fn run_server(config: AppConfig) -> Result<(), io::Error> {
             if let Some(outbox) = tracking_outbox.clone() {
                 outbox.spawn_worker();
             }
+            let wallet_refund_outbox = state.wallet_refund_outbox();
+            if let Some(outbox) = wallet_refund_outbox.clone() {
+                outbox.spawn_worker();
+            }
             (
                 build_router(state.clone()),
                 ShutdownContext {
                     app_state: Some(state),
                     tracking_outbox,
+                    wallet_refund_outbox,
                     outbox_flush_timeout,
                 },
             )
@@ -192,6 +200,7 @@ async fn run_server(config: AppConfig) -> Result<(), io::Error> {
             ShutdownContext {
                 app_state: None,
                 tracking_outbox: None,
+                wallet_refund_outbox: None,
                 outbox_flush_timeout,
             },
         ),
@@ -271,12 +280,8 @@ async fn finalize_shutdown(context: ShutdownContext) {
         state.mark_not_ready();
     }
 
-    let Some(outbox) = context.tracking_outbox else {
-        return;
-    };
-
     if context.outbox_flush_timeout.is_zero() {
-        warn!("api-server 退出时 tracking outbox flush timeout 为 0，跳过主动 flush");
+        warn!("api-server 退出时 outbox flush timeout 为 0，跳过主动 flush");
         return;
     }
 
@@ -284,22 +289,45 @@ async fn finalize_shutdown(context: ShutdownContext) {
         .outbox_flush_timeout
         .as_millis()
         .min(u128::from(u64::MAX)) as u64;
-    info!(timeout_ms, "api-server 退出前封存并 flush tracking outbox");
-    match timeout(context.outbox_flush_timeout, outbox.flush_for_shutdown()).await {
-        Ok(Ok(())) => {
-            info!("api-server 退出前 tracking outbox flush 完成");
+    if let Some(outbox) = context.tracking_outbox {
+        info!(timeout_ms, "api-server 退出前封存并 flush tracking outbox");
+        match timeout(context.outbox_flush_timeout, outbox.flush_for_shutdown()).await {
+            Ok(Ok(())) => {
+                info!("api-server 退出前 tracking outbox flush 完成");
+            }
+            Ok(Err(error)) => {
+                warn!(
+                    error = %error,
+                    "api-server 退出前 tracking outbox flush 未完成，已保留本地文件等待下次启动重试"
+                );
+            }
+            Err(_) => {
+                warn!(
+                    timeout_ms,
+                    "api-server 退出前 tracking outbox flush 超时，已保留本地文件等待下次启动重试"
+                );
+            }
         }
-        Ok(Err(error)) => {
-            warn!(
-                error = %error,
-                "api-server 退出前 tracking outbox flush 未完成，已保留本地文件等待下次启动重试"
-            );
-        }
-        Err(_) => {
-            warn!(
-                timeout_ms,
-                "api-server 退出前 tracking outbox flush 超时，已保留本地文件等待下次启动重试"
-            );
+    }
+
+    if let Some(outbox) = context.wallet_refund_outbox {
+        info!(timeout_ms, "api-server 退出前 flush wallet refund outbox");
+        match timeout(context.outbox_flush_timeout, outbox.flush_for_shutdown()).await {
+            Ok(Ok(())) => {
+                info!("api-server 退出前 wallet refund outbox flush 完成");
+            }
+            Ok(Err(error)) => {
+                warn!(
+                    error = %error,
+                    "api-server 退出前 wallet refund outbox flush 未完成，已保留本地文件等待下次启动重试"
+                );
+            }
+            Err(_) => {
+                warn!(
+                    timeout_ms,
+                    "api-server 退出前 wallet refund outbox flush 超时，已保留本地文件等待下次启动重试"
+                );
+            }
         }
     }
 }
diff --git a/server-rs/crates/api-server/src/match3d.rs b/server-rs/crates/api-server/src/match3d.rs
index 1513d3ee..61828c65 100644
--- a/server-rs/crates/api-server/src/match3d.rs
+++ b/server-rs/crates/api-server/src/match3d.rs
@@ -1,4 +1,4 @@
-use std::{
+use std::{
     collections::BTreeMap,
     convert::Infallible,
     future::Future,
@@ -65,10 +65,7 @@ use spacetime_client::{
 
 use crate::{
     api_response::json_success_body,
-    asset_billing::{
-        execute_billable_asset_operation_with_cost, map_asset_operation_wallet_error,
-        should_skip_asset_operation_billing_for_connectivity,
-    },
+    asset_billing::{execute_billable_asset_operation_with_cost, map_asset_operation_wallet_error},
     auth::{AuthenticatedAccessToken, RuntimePrincipal},
     config::AppConfig,
     generated_asset_sheets::apply_generated_asset_sheet_green_screen_alpha,
@@ -354,13 +351,6 @@ impl Match3DItemAssetsGenerationPlan {
             Self::Replace(plan) => plan.requested_item_names.len(),
         }
     }
-
-    fn billing_fingerprint_source(&self) -> String {
-        match self {
-            Self::Append(plan) => format!("append:{}", plan.requested_item_names.join("|")),
-            Self::Replace(plan) => format!("replace:{}", plan.requested_item_names.join("|")),
-        }
-    }
 }
 
 fn serialize_match3d_generated_item_assets(assets: &[Match3DGeneratedItemAsset]) -> Option<String> {
diff --git a/server-rs/crates/api-server/src/match3d/draft.rs b/server-rs/crates/api-server/src/match3d/draft.rs
index eb99ec38..3c8a8c2d 100644
--- a/server-rs/crates/api-server/src/match3d/draft.rs
+++ b/server-rs/crates/api-server/src/match3d/draft.rs
@@ -162,7 +162,12 @@ pub(super) async fn compile_match3d_draft_for_session(
     let initial_tags = requested_tags
         .clone()
         .unwrap_or_else(|| fallback_work_metadata.tags.clone());
-    let billing_asset_id = format!("{}:{}:{}", session_id, profile_id, current_utc_micros());
+    let billing_asset_id = format!(
+        "{}:{}:{}",
+        session_id,
+        profile_id,
+        request_context.request_id()
+    );
     let points_cost = crate::creation_entry_config::resolve_creation_entry_mud_point_cost(
         state,
         "match3d",
@@ -514,15 +519,6 @@ async fn consume_match3d_draft_generation_points(
         .await
     {
         Ok(_) => Ok(true),
-        Err(error) if should_skip_asset_operation_billing_for_connectivity(&error) => {
-            tracing::warn!(
-                owner_user_id,
-                billing_asset_id,
-                error = %error,
-                "抓大鹅草稿泥点预扣因 SpacetimeDB 连接不可用而降级跳过"
-            );
-            Ok(false)
-        }
         Err(error) => Err(match3d_error_response(
             request_context,
             MATCH3D_AGENT_PROVIDER,
diff --git a/server-rs/crates/api-server/src/match3d/handlers.rs b/server-rs/crates/api-server/src/match3d/handlers.rs
index 6eed1281..bc3462ef 100644
--- a/server-rs/crates/api-server/src/match3d/handlers.rs
+++ b/server-rs/crates/api-server/src/match3d/handlers.rs
@@ -751,7 +751,6 @@ pub async fn generate_match3d_background_image_for_work(
     )?;
     let prompt = normalize_match3d_background_prompt(payload.prompt.as_str());
     ensure_non_empty(&request_context, MATCH3D_WORKS_PROVIDER, &prompt, "prompt")?;
-    let prompt_fingerprint = build_match3d_prompt_fingerprint(prompt.as_str());
 
     let context =
         load_match3d_work_asset_context(&state, &request_context, &authenticated, &profile_id)
@@ -763,7 +762,12 @@ pub async fn generate_match3d_background_image_for_work(
         config,
         assets,
     } = context;
-    let billing_asset_id = format!("{}:{}:{}", session_id, profile_id, prompt_fingerprint);
+    let billing_asset_id = format!(
+        "{}:{}:{}",
+        session_id,
+        profile_id,
+        request_context.request_id()
+    );
     let (generated_background, generated_assets) = execute_billable_asset_operation_with_cost(
         &state,
         owner_user_id.as_str(),
@@ -860,7 +864,6 @@ pub async fn generate_match3d_container_image_for_work(
     )?;
     let prompt = normalize_match3d_background_prompt(payload.prompt.as_str());
     ensure_non_empty(&request_context, MATCH3D_WORKS_PROVIDER, &prompt, "prompt")?;
-    let prompt_fingerprint = build_match3d_prompt_fingerprint(prompt.as_str());
 
     let context =
         load_match3d_work_asset_context(&state, &request_context, &authenticated, &profile_id)
@@ -874,7 +877,9 @@ pub async fn generate_match3d_container_image_for_work(
     } = context;
     let billing_asset_id = format!(
         "{}:{}:{}:container",
-        session_id, profile_id, prompt_fingerprint
+        session_id,
+        profile_id,
+        request_context.request_id()
     );
     let (generated_background, generated_assets) = execute_billable_asset_operation_with_cost(
         &state,
@@ -1017,7 +1022,7 @@ pub async fn generate_match3d_item_assets_for_work(
         session_id,
         profile_id,
         billed_item_count,
-        build_match3d_prompt_fingerprint(generation_plan.billing_fingerprint_source().as_str())
+        request_context.request_id()
     );
     let generated_assets = execute_billable_asset_operation_with_cost(
         &state,
diff --git a/server-rs/crates/api-server/src/match3d/item_assets.rs b/server-rs/crates/api-server/src/match3d/item_assets.rs
index 670d3ca8..5de20f2e 100644
--- a/server-rs/crates/api-server/src/match3d/item_assets.rs
+++ b/server-rs/crates/api-server/src/match3d/item_assets.rs
@@ -1208,14 +1208,6 @@ pub(super) fn normalize_match3d_background_prompt(raw: &str) -> String {
         .to_string()
 }
 
-pub(super) fn build_match3d_prompt_fingerprint(value: &str) -> String {
-    let mut hash = 0u32;
-    for character in value.chars() {
-        hash = hash.wrapping_mul(31).wrapping_add(character as u32);
-    }
-    format!("{hash:08x}")
-}
-
 pub(super) fn build_fallback_match3d_background_prompt(config: &Match3DConfigJson) -> String {
     let theme = config.theme_text.trim();
     let normalized_theme = if theme.is_empty() { "抓大鹅" } else { theme };
diff --git a/server-rs/crates/api-server/src/puzzle.rs b/server-rs/crates/api-server/src/puzzle.rs
index b428f2f2..6581676c 100644
--- a/server-rs/crates/api-server/src/puzzle.rs
+++ b/server-rs/crates/api-server/src/puzzle.rs
@@ -1,6 +1,5 @@
 use std::{
-    collections::{BTreeMap, HashSet},
-    sync::{Mutex, OnceLock},
+    collections::BTreeMap,
     time::{Instant, SystemTime, UNIX_EPOCH},
 };
 
@@ -56,17 +55,19 @@ use spacetime_client::{
     PuzzleAgentMessageRecord, PuzzleAgentMessageSubmitRecordInput,
     PuzzleAgentSessionCreateRecordInput, PuzzleAgentSessionRecord,
     PuzzleAgentSuggestedActionRecord, PuzzleAnchorItemRecord, PuzzleAnchorPackRecord,
-    PuzzleAudioAssetRecord, PuzzleCreatorIntentRecord, PuzzleDraftCompileFailureRecordInput,
-    PuzzleDraftLevelRecord, PuzzleFormDraftRecord, PuzzleFormDraftSaveRecordInput,
-    PuzzleGeneratedImageCandidateRecord, PuzzleGeneratedImagesSaveRecordInput,
-    PuzzleLeaderboardEntryRecord, PuzzleLeaderboardSubmitRecordInput, PuzzlePublishRecordInput,
-    PuzzleRecommendedNextWorkRecord, PuzzleResultDraftRecord, PuzzleResultPreviewBlockerRecord,
-    PuzzleResultPreviewFindingRecord, PuzzleResultPreviewRecord, PuzzleRunDragRecordInput,
-    PuzzleRunPauseRecordInput, PuzzleRunPropRecordInput, PuzzleRunRecord,
-    PuzzleRunStartRecordInput, PuzzleRunSwapRecordInput, PuzzleSelectCoverImageRecordInput,
-    PuzzleUiBackgroundSaveRecordInput, PuzzleWorkLikeReportRecordInput,
-    PuzzleWorkPointIncentiveClaimRecordInput, PuzzleWorkProfileRecord, PuzzleWorkRemixRecordInput,
-    PuzzleWorkUpsertRecordInput, SpacetimeClientError,
+    PuzzleAudioAssetRecord, PuzzleBackgroundCompileTaskClaimRecordInput,
+    PuzzleBackgroundCompileTaskReleaseRecordInput, PuzzleCreatorIntentRecord,
+    PuzzleDraftCompileFailureRecordInput, PuzzleDraftLevelRecord, PuzzleFormDraftRecord,
+    PuzzleFormDraftSaveRecordInput, PuzzleGeneratedImageCandidateRecord,
+    PuzzleGeneratedImagesSaveRecordInput, PuzzleLeaderboardEntryRecord,
+    PuzzleLeaderboardSubmitRecordInput, PuzzlePublishRecordInput, PuzzleRecommendedNextWorkRecord,
+    PuzzleResultDraftRecord, PuzzleResultPreviewBlockerRecord, PuzzleResultPreviewFindingRecord,
+    PuzzleResultPreviewRecord, PuzzleRunDragRecordInput, PuzzleRunPauseRecordInput,
+    PuzzleRunPropRecordInput, PuzzleRunRecord, PuzzleRunStartRecordInput, PuzzleRunSwapRecordInput,
+    PuzzleSelectCoverImageRecordInput, PuzzleUiBackgroundSaveRecordInput,
+    PuzzleWorkLikeReportRecordInput, PuzzleWorkPointIncentiveClaimRecordInput,
+    PuzzleWorkProfileRecord, PuzzleWorkRemixRecordInput, PuzzleWorkUpsertRecordInput,
+    SpacetimeClientError,
 };
 use std::convert::Infallible;
 
@@ -134,38 +135,51 @@ const PUZZLE_UI_BACKGROUND_PROMPT_FALLBACK_MARKER: &str =
 const PUZZLE_VECTOR_ENGINE_SQUARE_IMAGE_SIZE: &str = "1024x1024";
 const PUZZLE_VECTOR_ENGINE_PORTRAIT_IMAGE_SIZE: &str = "1024x1536";
 
-static PUZZLE_BACKGROUND_COMPILE_TASKS: OnceLock<Mutex<HashSet<String>>> = OnceLock::new();
-
-fn puzzle_background_compile_tasks() -> &'static Mutex<HashSet<String>> {
-    PUZZLE_BACKGROUND_COMPILE_TASKS.get_or_init(|| Mutex::new(HashSet::new()))
+fn build_puzzle_background_compile_task_id(session_id: &str) -> String {
+    format!("puzzle_initial_background:{session_id}")
 }
 
-fn try_register_puzzle_background_compile_task(session_id: &str) -> bool {
-    match puzzle_background_compile_tasks().lock() {
-        Ok(mut tasks) => tasks.insert(session_id.to_string()),
-        Err(error) => {
+fn build_puzzle_background_compile_claim_id(task_id: &str, request_id: &str) -> String {
+    format!("{task_id}:{request_id}")
+}
+
+async fn release_claimed_puzzle_background_compile_task(
+    state: &PuzzleApiState,
+    task_id: &str,
+    claim_id: &str,
+    session_id: &str,
+    owner_user_id: &str,
+) {
+    let result = state
+        .spacetime_client()
+        .release_puzzle_background_compile_task(PuzzleBackgroundCompileTaskReleaseRecordInput {
+            task_id: task_id.to_string(),
+            claim_id: claim_id.to_string(),
+            session_id: session_id.to_string(),
+            owner_user_id: owner_user_id.to_string(),
+        })
+        .await;
+    match result {
+        Ok(true) => {}
+        Ok(false) => {
             tracing::warn!(
                 provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                task_id,
+                claim_id,
                 session_id,
-                error = %error,
-                "拼图后台生成任务注册表锁已损坏，允许本次任务继续"
+                owner_user_id,
+                "拼图首图后台生成任务释放未命中当前 claim"
             );
-            true
-        }
-    }
-}
-
-fn unregister_puzzle_background_compile_task(session_id: &str) {
-    match puzzle_background_compile_tasks().lock() {
-        Ok(mut tasks) => {
-            tasks.remove(session_id);
         }
         Err(error) => {
             tracing::warn!(
                 provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                task_id,
+                claim_id,
                 session_id,
+                owner_user_id,
                 error = %error,
-                "拼图后台生成任务注册表解锁失败，忽略清理"
+                "拼图首图后台生成任务释放失败"
             );
         }
     }
diff --git a/server-rs/crates/api-server/src/puzzle/handlers.rs b/server-rs/crates/api-server/src/puzzle/handlers.rs
index 2fa1a265..d7a2b0bd 100644
--- a/server-rs/crates/api-server/src/puzzle/handlers.rs
+++ b/server-rs/crates/api-server/src/puzzle/handlers.rs
@@ -588,7 +588,7 @@ pub async fn execute_puzzle_agent_action(
     let owner_user_id = authenticated.claims().user_id().to_string();
     let now = current_utc_micros();
     let action = payload.action.trim().to_string();
-    let billing_asset_id = format!("{session_id}:{now}");
+    let billing_asset_id = format!("{}:{}:{}", session_id, action, request_context.request_id());
     let mut operation_consumed_points = 0;
     tracing::info!(
         provider = PUZZLE_AGENT_API_BASE_PROVIDER,
@@ -695,156 +695,207 @@ pub async fn execute_puzzle_agent_action(
                 Err(response) => return Err(response),
             };
             let session = if ai_redraw {
-                if !try_register_puzzle_background_compile_task(&compile_session_id) {
-                    tracing::info!(
-                        provider = PUZZLE_AGENT_API_BASE_PROVIDER,
-                        session_id = %compile_session_id,
-                        owner_user_id = %owner_user_id,
-                        "拼图首图后台生成任务已存在，本次 action 直接返回生成中会话"
-                    );
-                    state
-                        .spacetime_client()
-                        .get_puzzle_agent_session(compile_session_id.clone(), owner_user_id.clone())
-                        .await
-                        .map(mark_puzzle_initial_generation_started_snapshot)
-                        .map_err(map_puzzle_client_error)
-                } else {
-                    let compiled_session = state
-                        .spacetime_client()
-                        .compile_puzzle_agent_draft(
-                            compile_session_id.clone(),
-                            owner_user_id.clone(),
-                            now,
-                        )
-                        .await
-                        .map_err(map_puzzle_compile_error);
-                    match compiled_session {
-                        Ok(compiled_session) => {
-                            let response_session = mark_puzzle_initial_generation_started_snapshot(
-                                compiled_session.clone(),
-                            );
-                            let background_state = state.clone();
-                            let background_request_context = request_context.clone();
-                            let background_session_id = compile_session_id.clone();
-                            let background_owner_user_id = owner_user_id.clone();
-                            let background_prompt_text = prompt_text.map(str::to_string);
-                            let background_reference_image_src =
-                                primary_reference_image_src.map(str::to_string);
-                            let background_image_model = payload.image_model.clone();
-                            let background_points_cost = puzzle_draft_generation_points_cost;
-                            let background_work_name = compiled_session
-                                .draft
-                                .as_ref()
-                                .map(|draft| draft.work_title.clone());
-                            let background_billing_asset_id =
-                                format!("{background_session_id}:compile_puzzle_draft");
-                            tokio::spawn(async move {
-                                let operation_owner_user_id = background_owner_user_id.clone();
-                                let background_root_state = background_state.root_state().clone();
-                                let operation_state = background_state.clone();
-                                let result = execute_billable_asset_operation_with_cost(
-                                    &background_root_state,
-                                    &background_owner_user_id,
-                                    "puzzle_initial_image",
-                                    &background_billing_asset_id,
-                                    background_points_cost,
-                                    async move {
-                                        generate_puzzle_initial_cover_from_compiled_session(
-                                            &operation_state,
-                                            &background_request_context,
-                                            compiled_session,
-                                            operation_owner_user_id,
-                                            background_prompt_text.as_deref(),
-                                            background_reference_image_src.as_deref(),
-                                            background_image_model.as_deref(),
-                                            current_utc_micros(),
-                                        )
-                                        .await
-                                    },
-                                )
-                                .await;
-                                match result {
-                                    Ok(session) => {
-                                        send_generation_result_subscribe_message_after_completion(
-                                            &background_root_state,
-                                            GenerationResultSubscribeMessage {
-                                                owner_user_id: background_owner_user_id.clone(),
-                                                task_name: Some("拼图".to_string()),
-                                                work_name: session
-                                                    .draft
-                                                    .as_ref()
-                                                    .map(|draft| draft.work_title.clone()),
-                                                status:
-                                                    GenerationResultSubscribeMessageStatus::Succeeded,
-                                                consumed_points: background_points_cost,
-                                                completed_at_micros: current_utc_micros(),
-                                                page: Some("/pages/web-view/index".to_string()),
-                                            },
-                                        )
-                                        .await;
-                                        tracing::info!(
-                                            provider = PUZZLE_AGENT_API_BASE_PROVIDER,
-                                            session_id = %session.session_id,
-                                            owner_user_id = %background_owner_user_id,
-                                            "拼图首图后台生成任务完成"
-                                        );
-                                    }
-                                    Err(error) => {
-                                        let error_message = error.body_text();
-                                        let failed_at_micros = current_utc_micros();
-                                        let failure_result = background_state
-                                            .spacetime_client()
-                                            .mark_puzzle_draft_generation_failed(
-                                                PuzzleDraftCompileFailureRecordInput {
-                                                    session_id: background_session_id.clone(),
-                                                    owner_user_id: background_owner_user_id.clone(),
-                                                    error_message: error_message.clone(),
-                                                    failed_at_micros,
-                                                },
+                let background_task_id =
+                    build_puzzle_background_compile_task_id(&compile_session_id);
+                let background_claim_id = build_puzzle_background_compile_claim_id(
+                    &background_task_id,
+                    request_context.request_id(),
+                );
+                let claim_result = state
+                    .spacetime_client()
+                    .claim_puzzle_background_compile_task(
+                        PuzzleBackgroundCompileTaskClaimRecordInput {
+                            task_id: background_task_id.clone(),
+                            claim_id: background_claim_id.clone(),
+                            session_id: compile_session_id.clone(),
+                            owner_user_id: owner_user_id.clone(),
+                            claimed_at_micros: current_utc_micros(),
+                        },
+                    )
+                    .await
+                    .map_err(map_puzzle_client_error);
+                match claim_result {
+                    Ok(false) => {
+                        tracing::info!(
+                            provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                            session_id = %compile_session_id,
+                            owner_user_id = %owner_user_id,
+                            task_id = %background_task_id,
+                            "拼图首图后台生成任务已存在，本次 action 直接返回生成中会话"
+                        );
+                        state
+                            .spacetime_client()
+                            .get_puzzle_agent_session(
+                                compile_session_id.clone(),
+                                owner_user_id.clone(),
+                            )
+                            .await
+                            .map(mark_puzzle_initial_generation_started_snapshot)
+                            .map_err(map_puzzle_client_error)
+                    }
+                    Ok(true) => {
+                        let compiled_session = state
+                            .spacetime_client()
+                            .compile_puzzle_agent_draft(
+                                compile_session_id.clone(),
+                                owner_user_id.clone(),
+                                now,
+                            )
+                            .await
+                            .map_err(map_puzzle_compile_error);
+                        match compiled_session {
+                            Ok(compiled_session) => {
+                                let response_session =
+                                    mark_puzzle_initial_generation_started_snapshot(
+                                        compiled_session.clone(),
+                                    );
+                                let background_state = state.clone();
+                                let background_request_context = request_context.clone();
+                                let background_session_id = compile_session_id.clone();
+                                let background_owner_user_id = owner_user_id.clone();
+                                let background_task_id = background_task_id.clone();
+                                let background_claim_id = background_claim_id.clone();
+                                let background_prompt_text = prompt_text.map(str::to_string);
+                                let background_reference_image_src =
+                                    primary_reference_image_src.map(str::to_string);
+                                let background_image_model = payload.image_model.clone();
+                                let background_points_cost = puzzle_draft_generation_points_cost;
+                                let background_work_name = compiled_session
+                                    .draft
+                                    .as_ref()
+                                    .map(|draft| draft.work_title.clone());
+                                let background_billing_asset_id = format!(
+                                    "{background_session_id}:compile_puzzle_draft:{}",
+                                    background_request_context.request_id()
+                                );
+                                tokio::spawn(async move {
+                                    let operation_owner_user_id = background_owner_user_id.clone();
+                                    let background_root_state =
+                                        background_state.root_state().clone();
+                                    let operation_state = background_state.clone();
+                                    let result = execute_billable_asset_operation_with_cost(
+                                        &background_root_state,
+                                        &background_owner_user_id,
+                                        "puzzle_initial_image",
+                                        &background_billing_asset_id,
+                                        background_points_cost,
+                                        async move {
+                                            generate_puzzle_initial_cover_from_compiled_session(
+                                                &operation_state,
+                                                &background_request_context,
+                                                compiled_session,
+                                                operation_owner_user_id,
+                                                background_prompt_text.as_deref(),
+                                                background_reference_image_src.as_deref(),
+                                                background_image_model.as_deref(),
+                                                current_utc_micros(),
                                             )
-                                            .await;
-                                        if let Err(mark_error) = failure_result {
-                                            tracing::warn!(
-                                                provider = PUZZLE_AGENT_API_BASE_PROVIDER,
-                                                session_id = %background_session_id,
-                                                owner_user_id = %background_owner_user_id,
-                                                message = %mark_error,
-                                                "拼图首图后台生成失败态回写失败"
-                                            );
-                                        } else {
+                                            .await
+                                        },
+                                    )
+                                    .await;
+                                    match result {
+                                        Ok(session) => {
                                             send_generation_result_subscribe_message_after_completion(
                                                 &background_root_state,
                                                 GenerationResultSubscribeMessage {
                                                     owner_user_id: background_owner_user_id.clone(),
                                                     task_name: Some("拼图".to_string()),
-                                                    work_name: background_work_name.clone(),
+                                                    work_name: session
+                                                        .draft
+                                                        .as_ref()
+                                                        .map(|draft| draft.work_title.clone()),
                                                     status:
-                                                        GenerationResultSubscribeMessageStatus::Failed,
-                                                    consumed_points: 0,
-                                                    completed_at_micros: failed_at_micros,
+                                                        GenerationResultSubscribeMessageStatus::Succeeded,
+                                                    consumed_points: background_points_cost,
+                                                    completed_at_micros: current_utc_micros(),
                                                     page: Some("/pages/web-view/index".to_string()),
                                                 },
                                             )
                                             .await;
+                                            tracing::info!(
+                                                provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                                                session_id = %session.session_id,
+                                                owner_user_id = %background_owner_user_id,
+                                                "拼图首图后台生成任务完成"
+                                            );
+                                        }
+                                        Err(error) => {
+                                            let error_message = error.body_text();
+                                            let failed_at_micros = current_utc_micros();
+                                            let failure_result = background_state
+                                                .spacetime_client()
+                                                .mark_puzzle_draft_generation_failed(
+                                                    PuzzleDraftCompileFailureRecordInput {
+                                                        session_id: background_session_id.clone(),
+                                                        owner_user_id: background_owner_user_id
+                                                            .clone(),
+                                                        error_message: error_message.clone(),
+                                                        failed_at_micros,
+                                                    },
+                                                )
+                                                .await;
+                                            if let Err(mark_error) = failure_result {
+                                                tracing::warn!(
+                                                    provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                                                    session_id = %background_session_id,
+                                                    owner_user_id = %background_owner_user_id,
+                                                    message = %mark_error,
+                                                    "拼图首图后台生成失败态回写失败"
+                                                );
+                                            } else {
+                                                send_generation_result_subscribe_message_after_completion(
+                                                    &background_root_state,
+                                                    GenerationResultSubscribeMessage {
+                                                        owner_user_id: background_owner_user_id
+                                                            .clone(),
+                                                        task_name: Some("拼图".to_string()),
+                                                        work_name: background_work_name.clone(),
+                                                        status:
+                                                            GenerationResultSubscribeMessageStatus::Failed,
+                                                        consumed_points: 0,
+                                                        completed_at_micros: failed_at_micros,
+                                                        page: Some(
+                                                            "/pages/web-view/index".to_string(),
+                                                        ),
+                                                    },
+                                                )
+                                                .await;
+                                            }
+                                            tracing::warn!(
+                                                provider = PUZZLE_AGENT_API_BASE_PROVIDER,
+                                                session_id = %background_session_id,
+                                                owner_user_id = %background_owner_user_id,
+                                                message = %error_message,
+                                                "拼图首图后台生成任务失败"
+                                            );
                                         }
-                                        tracing::warn!(
-                                            provider = PUZZLE_AGENT_API_BASE_PROVIDER,
-                                            session_id = %background_session_id,
-                                            owner_user_id = %background_owner_user_id,
-                                            message = %error_message,
-                                            "拼图首图后台生成任务失败"
-                                        );
                                     }
-                                }
-                                unregister_puzzle_background_compile_task(&background_session_id);
-                            });
-                            Ok(response_session)
-                        }
-                        Err(error) => {
-                            unregister_puzzle_background_compile_task(&compile_session_id);
-                            Err(error)
+                                    release_claimed_puzzle_background_compile_task(
+                                        &background_state,
+                                        &background_task_id,
+                                        &background_claim_id,
+                                        &background_session_id,
+                                        &background_owner_user_id,
+                                    )
+                                    .await;
+                                });
+                                Ok(response_session)
+                            }
+                            Err(error) => {
+                                release_claimed_puzzle_background_compile_task(
+                                    &state,
+                                    &background_task_id,
+                                    &background_claim_id,
+                                    &compile_session_id,
+                                    &owner_user_id,
+                                )
+                                .await;
+                                Err(error)
+                            }
                         }
                     }
+                    Err(error) => Err(error),
                 }
             } else {
                 compile_puzzle_draft_with_uploaded_cover(
@@ -2231,7 +2282,7 @@ pub async fn use_puzzle_runtime_prop(
         }
     };
     let should_sync_freeze_boundary = matches!(prop_kind.as_str(), "freezeTime" | "freeze_time");
-    let billing_asset_id = format!("{}:{}:{}", run_id, prop_kind, current_utc_micros());
+    let billing_asset_id = format!("{}:{}:{}", run_id, prop_kind, request_context.request_id());
     let reducer_owner_user_id = owner_user_id.clone();
     let reducer_run_id = run_id.clone();
     let fallback_run_id = run_id.clone();
diff --git a/server-rs/crates/api-server/src/state.rs b/server-rs/crates/api-server/src/state.rs
index d8882747..57653736 100644
--- a/server-rs/crates/api-server/src/state.rs
+++ b/server-rs/crates/api-server/src/state.rs
@@ -41,6 +41,7 @@ use tracing::{info, warn};
 use crate::config::AppConfig;
 use crate::puzzle_gallery_cache::PuzzleGalleryCache;
 use crate::tracking_outbox::TrackingOutbox;
+use crate::wallet_refund_outbox::WalletRefundOutbox;
 use crate::wechat::pay::{build_wechat_pay_config, map_wechat_pay_init_error};
 use crate::wechat::provider::build_wechat_provider;
 use crate::work_author::{
@@ -263,6 +264,7 @@ pub struct AppStateInner {
     spacetime_client: SpacetimeClient,
     puzzle_gallery_cache: PuzzleGalleryCache,
     tracking_outbox: Option<Arc<TrackingOutbox>>,
+    wallet_refund_outbox: Option<Arc<WalletRefundOutbox>>,
     llm_client: Option<LlmClient>,
     creative_agent_gpt5_client: Option<LlmClient>,
     creative_agent_executor: Arc<MockLangChainRustAgentExecutor>,
@@ -406,6 +408,8 @@ impl AppState {
             procedure_timeout: config.spacetime_procedure_timeout,
         });
         let tracking_outbox = TrackingOutbox::from_config(&config, spacetime_client.clone());
+        let wallet_refund_outbox =
+            WalletRefundOutbox::from_config(&config, spacetime_client.clone());
         let llm_client = build_llm_client(&config)?;
         let creative_agent_gpt5_client = build_creative_agent_gpt5_client(&config)?;
         let http_request_permit_pools = HttpRequestPermitPools::from_config(&config);
@@ -441,6 +445,7 @@ impl AppState {
             spacetime_client,
             puzzle_gallery_cache: PuzzleGalleryCache::new(),
             tracking_outbox,
+            wallet_refund_outbox,
             llm_client,
             creative_agent_gpt5_client,
             creative_agent_executor: Arc::new(MockLangChainRustAgentExecutor),
@@ -922,6 +927,10 @@ impl AppState {
         self.tracking_outbox.clone()
     }
 
+    pub fn wallet_refund_outbox(&self) -> Option<Arc<WalletRefundOutbox>> {
+        self.wallet_refund_outbox.clone()
+    }
+
     pub fn llm_client(&self) -> Option<&LlmClient> {
         self.llm_client.as_ref()
     }
diff --git a/server-rs/crates/api-server/src/wallet_refund_outbox.rs b/server-rs/crates/api-server/src/wallet_refund_outbox.rs
new file mode 100644
index 00000000..0169cd2a
--- /dev/null
+++ b/server-rs/crates/api-server/src/wallet_refund_outbox.rs
@@ -0,0 +1,463 @@
+use std::{
+    fmt,
+    path::{Path, PathBuf},
+    sync::Arc,
+    time::{Duration, SystemTime, UNIX_EPOCH},
+};
+
+use serde::{Deserialize, Serialize};
+use sha2::{Digest, Sha256};
+use spacetime_client::{SpacetimeClient, SpacetimeClientError};
+use tokio::{
+    fs::{self, File, OpenOptions},
+    io::{AsyncReadExt, AsyncWriteExt},
+    sync::{Mutex, Notify},
+    time::sleep,
+};
+use tracing::{debug, warn};
+
+use crate::config::AppConfig;
+
+const PENDING_FILE_PREFIX: &str = "refund-";
+const CORRUPT_FILE_PREFIX: &str = "corrupt-";
+const TEMP_FILE_PREFIX: &str = "tmp-";
+const OUTBOX_FILE_EXTENSION: &str = ".json";
+
+#[derive(Clone)]
+pub struct WalletRefundOutbox {
+    dir: PathBuf,
+    batch_size: usize,
+    flush_interval: Duration,
+    max_bytes: u64,
+    spacetime_client: SpacetimeClient,
+    enqueue_lock: Arc<Mutex<()>>,
+    flush_notify: Arc<Notify>,
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub(crate) struct WalletRefundOutboxRecord {
+    pub owner_user_id: String,
+    pub amount: u64,
+    pub ledger_id: String,
+    pub created_at_micros: i64,
+    pub asset_kind: String,
+    pub asset_id: String,
+}
+
+#[derive(Debug)]
+pub enum WalletRefundOutboxEnqueueOutcome {
+    Enqueued,
+    Dropped { reason: &'static str },
+}
+
+#[derive(Debug)]
+pub enum WalletRefundOutboxError {
+    Io(std::io::Error),
+    Json(serde_json::Error),
+    Spacetime(SpacetimeClientError),
+}
+
+impl WalletRefundOutbox {
+    pub fn from_config(config: &AppConfig, spacetime_client: SpacetimeClient) -> Option<Arc<Self>> {
+        if !config.wallet_refund_outbox_enabled {
+            return None;
+        }
+
+        Some(Arc::new(Self {
+            dir: config.wallet_refund_outbox_dir.clone(),
+            batch_size: config.wallet_refund_outbox_batch_size.max(1),
+            flush_interval: config.wallet_refund_outbox_flush_interval,
+            max_bytes: config.wallet_refund_outbox_max_bytes,
+            spacetime_client,
+            enqueue_lock: Arc::new(Mutex::new(())),
+            flush_notify: Arc::new(Notify::new()),
+        }))
+    }
+
+    pub async fn enqueue(
+        &self,
+        record: WalletRefundOutboxRecord,
+    ) -> Result<WalletRefundOutboxEnqueueOutcome, WalletRefundOutboxError> {
+        let _guard = self.enqueue_lock.lock().await;
+        fs::create_dir_all(&self.dir).await?;
+
+        let pending_path = self.pending_path_for_ledger(&record.ledger_id);
+        if fs::metadata(&pending_path).await.is_ok() {
+            self.flush_notify.notify_one();
+            return Ok(WalletRefundOutboxEnqueueOutcome::Enqueued);
+        }
+
+        let bytes = serde_json::to_vec(&record)?;
+        let line_bytes = bytes.len().min(u64::MAX as usize) as u64;
+        let current_bytes = directory_size_if_exists(&self.dir).unwrap_or(0);
+        if current_bytes.saturating_add(line_bytes) > self.max_bytes {
+            return Ok(WalletRefundOutboxEnqueueOutcome::Dropped {
+                reason: "max_bytes",
+            });
+        }
+
+        let temp_path = self.temp_path();
+        let mut file = OpenOptions::new()
+            .create_new(true)
+            .write(true)
+            .open(&temp_path)
+            .await?;
+        file.write_all(&bytes).await?;
+        file.flush().await?;
+        file.sync_data().await?;
+        drop(file);
+        if fs::metadata(&pending_path).await.is_ok() {
+            let _ = fs::remove_file(&temp_path).await;
+            self.flush_notify.notify_one();
+            return Ok(WalletRefundOutboxEnqueueOutcome::Enqueued);
+        }
+        fs::rename(&temp_path, &pending_path).await?;
+        sync_directory_metadata(&self.dir).await?;
+        self.flush_notify.notify_one();
+        Ok(WalletRefundOutboxEnqueueOutcome::Enqueued)
+    }
+
+    pub fn spawn_worker(self: Arc<Self>) {
+        tokio::spawn(async move {
+            loop {
+                tokio::select! {
+                    _ = sleep(self.flush_interval) => {
+                        if let Err(error) = self.flush_pending_files_once().await {
+                            warn!(error = %error, "wallet refund outbox 重放退款失败，将保留文件等待重试");
+                        }
+                    }
+                    _ = self.flush_notify.notified() => {
+                        if let Err(error) = self.flush_pending_files_once().await {
+                            warn!(error = %error, "wallet refund outbox 主动重放退款失败，将保留文件等待重试");
+                        }
+                    }
+                }
+            }
+        });
+    }
+
+    pub async fn flush_for_shutdown(&self) -> Result<(), WalletRefundOutboxError> {
+        self.flush_pending_files_once().await
+    }
+
+    async fn flush_pending_files_once(&self) -> Result<(), WalletRefundOutboxError> {
+        fs::create_dir_all(&self.dir).await?;
+        let pending_files = self.list_pending_files().await?;
+        for path in pending_files.into_iter().take(self.batch_size) {
+            let record = match read_refund_record(&path).await {
+                Ok(record) => record,
+                Err(error) if error.is_data_corruption() => {
+                    let corrupt_path = self.corrupt_path_for(&path);
+                    fs::rename(&path, &corrupt_path).await?;
+                    sync_directory_metadata(&self.dir).await?;
+                    warn!(
+                        error = %error,
+                        source = %path.display(),
+                        target = %corrupt_path.display(),
+                        "wallet refund outbox 文件无法解析，已隔离"
+                    );
+                    continue;
+                }
+                Err(error) => return Err(error),
+            };
+
+            match self
+                .spacetime_client
+                .refund_profile_wallet_points(
+                    record.owner_user_id.clone(),
+                    record.amount,
+                    record.ledger_id.clone(),
+                    record.created_at_micros,
+                )
+                .await
+            {
+                Ok(_) => {
+                    match fs::remove_file(&path).await {
+                        Ok(()) => {}
+                        Err(error) if error.kind() == std::io::ErrorKind::NotFound => {}
+                        Err(error) => return Err(error.into()),
+                    }
+                    sync_directory_metadata(&self.dir).await?;
+                    debug!(
+                        ledger_id = %record.ledger_id,
+                        owner_user_id = %record.owner_user_id,
+                        asset_kind = %record.asset_kind,
+                        asset_id = %record.asset_id,
+                        path = %path.display(),
+                        "wallet refund outbox 退款已重放并删除文件"
+                    );
+                }
+                Err(error) => return Err(WalletRefundOutboxError::Spacetime(error)),
+            }
+        }
+        Ok(())
+    }
+
+    async fn list_pending_files(&self) -> Result<Vec<PathBuf>, WalletRefundOutboxError> {
+        let mut entries = fs::read_dir(&self.dir).await?;
+        let mut files = Vec::new();
+        while let Some(entry) = entries.next_entry().await? {
+            let path = entry.path();
+            let Some(name) = path.file_name().and_then(|value| value.to_str()) else {
+                continue;
+            };
+            if name.starts_with(PENDING_FILE_PREFIX) && name.ends_with(OUTBOX_FILE_EXTENSION) {
+                files.push(path);
+            }
+        }
+        files.sort();
+        Ok(files)
+    }
+
+    fn pending_path_for_ledger(&self, ledger_id: &str) -> PathBuf {
+        self.dir.join(format!(
+            "{PENDING_FILE_PREFIX}{}{OUTBOX_FILE_EXTENSION}",
+            ledger_id_hash(ledger_id)
+        ))
+    }
+
+    fn temp_path(&self) -> PathBuf {
+        self.dir.join(format!(
+            "{TEMP_FILE_PREFIX}{}-{uuid}{OUTBOX_FILE_EXTENSION}",
+            current_unix_micros(),
+            uuid = uuid::Uuid::new_v4()
+        ))
+    }
+
+    fn corrupt_path_for(&self, path: &Path) -> PathBuf {
+        let name = path
+            .file_name()
+            .and_then(|value| value.to_str())
+            .unwrap_or("unknown.json");
+        self.dir.join(format!(
+            "{CORRUPT_FILE_PREFIX}{}-{uuid}-{name}",
+            current_unix_micros(),
+            uuid = uuid::Uuid::new_v4()
+        ))
+    }
+}
+
+impl fmt::Debug for WalletRefundOutbox {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("WalletRefundOutbox")
+            .field("dir", &self.dir)
+            .field("batch_size", &self.batch_size)
+            .field("flush_interval", &self.flush_interval)
+            .field("max_bytes", &self.max_bytes)
+            .finish()
+    }
+}
+
+impl fmt::Display for WalletRefundOutboxError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::Io(error) => write!(f, "{error}"),
+            Self::Json(error) => write!(f, "{error}"),
+            Self::Spacetime(error) => write!(f, "{error}"),
+        }
+    }
+}
+
+impl From<std::io::Error> for WalletRefundOutboxError {
+    fn from(value: std::io::Error) -> Self {
+        Self::Io(value)
+    }
+}
+
+impl From<serde_json::Error> for WalletRefundOutboxError {
+    fn from(value: serde_json::Error) -> Self {
+        Self::Json(value)
+    }
+}
+
+impl WalletRefundOutboxError {
+    fn is_data_corruption(&self) -> bool {
+        matches!(self, Self::Json(_))
+    }
+}
+
+async fn read_refund_record(
+    path: &Path,
+) -> Result<WalletRefundOutboxRecord, WalletRefundOutboxError> {
+    let mut file = File::open(path).await?;
+    let mut bytes = Vec::new();
+    file.read_to_end(&mut bytes).await?;
+    Ok(serde_json::from_slice::<WalletRefundOutboxRecord>(&bytes)?)
+}
+
+fn directory_size_if_exists(path: &Path) -> Result<u64, std::io::Error> {
+    if !path.is_dir() {
+        return Ok(0);
+    }
+
+    let mut total = 0u64;
+    for entry in std::fs::read_dir(path)? {
+        let entry = entry?;
+        if !is_pending_outbox_file_name(&entry.file_name()) {
+            continue;
+        }
+        let metadata = entry.metadata()?;
+        if metadata.is_file() {
+            total = total.saturating_add(metadata.len());
+        }
+    }
+    Ok(total)
+}
+
+fn current_unix_micros() -> u128 {
+    SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .unwrap_or_default()
+        .as_micros()
+}
+
+fn ledger_id_hash(ledger_id: &str) -> String {
+    hex::encode(Sha256::digest(ledger_id.as_bytes()))
+}
+
+fn is_pending_outbox_file_name(name: &std::ffi::OsStr) -> bool {
+    name.to_str().is_some_and(|value| {
+        value.starts_with(PENDING_FILE_PREFIX) && value.ends_with(OUTBOX_FILE_EXTENSION)
+    })
+}
+
+async fn sync_directory_metadata(path: &Path) -> Result<(), WalletRefundOutboxError> {
+    let path = path.to_path_buf();
+    tokio::task::spawn_blocking(move || {
+        let dir = std::fs::File::open(path)?;
+        dir.sync_all()
+    })
+    .await
+    .map_err(|error| std::io::Error::new(std::io::ErrorKind::Other, error.to_string()))??;
+    Ok(())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn sample_record(ledger_id: &str) -> WalletRefundOutboxRecord {
+        WalletRefundOutboxRecord {
+            owner_user_id: "user-1".to_string(),
+            amount: 2,
+            ledger_id: ledger_id.to_string(),
+            created_at_micros: 1_713_680_000_000_000,
+            asset_kind: "puzzle_initial_image".to_string(),
+            asset_id: "asset-1".to_string(),
+        }
+    }
+
+    fn test_dir(name: &str) -> PathBuf {
+        let dir = std::env::temp_dir().join(format!(
+            "genarrative-wallet-refund-outbox-{name}-{}",
+            current_unix_micros()
+        ));
+        let _ = std::fs::remove_dir_all(&dir);
+        dir
+    }
+
+    fn test_outbox(dir: PathBuf, max_bytes: u64) -> Arc<WalletRefundOutbox> {
+        let config = AppConfig {
+            wallet_refund_outbox_dir: dir,
+            wallet_refund_outbox_batch_size: 500,
+            wallet_refund_outbox_flush_interval: Duration::from_secs(60),
+            wallet_refund_outbox_max_bytes: max_bytes,
+            ..AppConfig::default()
+        };
+        WalletRefundOutbox::from_config(
+            &config,
+            SpacetimeClient::new(spacetime_client::SpacetimeClientConfig {
+                server_url: "http://127.0.0.1:1".to_string(),
+                database: "missing".to_string(),
+                token: None,
+                pool_size: 1,
+                procedure_timeout: Duration::from_millis(10),
+            }),
+        )
+        .expect("outbox should be enabled")
+    }
+
+    #[tokio::test]
+    async fn enqueue_is_idempotent_per_ledger_id() {
+        let dir = test_dir("idempotent");
+        let outbox = test_outbox(dir.clone(), 1024 * 1024);
+
+        outbox.enqueue(sample_record("ledger-1")).await.unwrap();
+        outbox.enqueue(sample_record("ledger-1")).await.unwrap();
+
+        let pending_count = std::fs::read_dir(&dir)
+            .unwrap()
+            .filter_map(Result::ok)
+            .filter(|entry| is_pending_outbox_file_name(&entry.file_name()))
+            .count();
+        assert_eq!(pending_count, 1);
+
+        let _ = std::fs::remove_dir_all(dir);
+    }
+
+    #[tokio::test]
+    async fn enqueue_drops_when_outbox_exceeds_max_bytes() {
+        let dir = test_dir("max-bytes");
+        let outbox = test_outbox(dir.clone(), 1);
+
+        let outcome = outbox.enqueue(sample_record("ledger-1")).await.unwrap();
+
+        assert!(matches!(
+            outcome,
+            WalletRefundOutboxEnqueueOutcome::Dropped {
+                reason: "max_bytes"
+            }
+        ));
+        assert!(!dir.exists() || std::fs::read_dir(&dir).unwrap().next().is_none());
+
+        let _ = std::fs::remove_dir_all(dir);
+    }
+
+    #[tokio::test]
+    async fn flush_quarantines_corrupt_file() {
+        let dir = test_dir("corrupt");
+        std::fs::create_dir_all(&dir).unwrap();
+        let pending_path = dir.join(format!("{PENDING_FILE_PREFIX}bad{OUTBOX_FILE_EXTENSION}"));
+        std::fs::write(&pending_path, b"{not-json}").unwrap();
+        let outbox = test_outbox(dir.clone(), 1024 * 1024);
+
+        outbox.flush_pending_files_once().await.unwrap();
+
+        assert!(!pending_path.exists());
+        let corrupt_count = std::fs::read_dir(&dir)
+            .unwrap()
+            .filter_map(Result::ok)
+            .filter(|entry| {
+                entry
+                    .file_name()
+                    .to_str()
+                    .is_some_and(|name| name.starts_with(CORRUPT_FILE_PREFIX))
+            })
+            .count();
+        assert_eq!(corrupt_count, 1);
+
+        let _ = std::fs::remove_dir_all(dir);
+    }
+
+    #[tokio::test]
+    async fn shutdown_flush_keeps_file_when_spacetime_is_unavailable() {
+        let dir = test_dir("shutdown");
+        let outbox = test_outbox(dir.clone(), 1024 * 1024);
+
+        outbox.enqueue(sample_record("ledger-1")).await.unwrap();
+        let result = outbox.flush_for_shutdown().await;
+
+        assert!(
+            matches!(result, Err(WalletRefundOutboxError::Spacetime(_))),
+            "missing test SpacetimeDB should keep refund file for retry"
+        );
+        let pending_count = std::fs::read_dir(&dir)
+            .unwrap()
+            .filter_map(Result::ok)
+            .filter(|entry| is_pending_outbox_file_name(&entry.file_name()))
+            .count();
+        assert_eq!(pending_count, 1);
+
+        let _ = std::fs::remove_dir_all(dir);
+    }
+}
diff --git a/server-rs/crates/module-puzzle/src/application.rs b/server-rs/crates/module-puzzle/src/application.rs
index eca056e2..ee1061ba 100644
--- a/server-rs/crates/module-puzzle/src/application.rs
+++ b/server-rs/crates/module-puzzle/src/application.rs
@@ -20,6 +20,14 @@ pub struct PuzzleAgentSessionProcedureResult {
     pub error_message: Option<String>,
 }
 
+#[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PuzzleBackgroundCompileTaskProcedureResult {
+    pub ok: bool,
+    pub claimed: bool,
+    pub error_message: Option<String>,
+}
+
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct PuzzleWorksProcedureResult {
diff --git a/server-rs/crates/module-puzzle/src/commands.rs b/server-rs/crates/module-puzzle/src/commands.rs
index 85f975e5..994ecd9e 100644
--- a/server-rs/crates/module-puzzle/src/commands.rs
+++ b/server-rs/crates/module-puzzle/src/commands.rs
@@ -68,6 +68,25 @@ pub struct PuzzleDraftCompileInput {
     pub compiled_at_micros: i64,
 }
 
+#[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PuzzleBackgroundCompileTaskClaimInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+    pub claimed_at_micros: i64,
+}
+
+#[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub struct PuzzleBackgroundCompileTaskReleaseInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+}
+
 #[cfg_attr(feature = "spacetime-types", derive(SpacetimeType))]
 #[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
 pub struct PuzzleDraftCompileFailureInput {
diff --git a/server-rs/crates/spacetime-client/src/lib.rs b/server-rs/crates/spacetime-client/src/lib.rs
index 626b34d3..fc4cd607 100644
--- a/server-rs/crates/spacetime-client/src/lib.rs
+++ b/server-rs/crates/spacetime-client/src/lib.rs
@@ -51,7 +51,8 @@ pub use mapper::{
     PublicWorkGalleryEntryRecord, PuzzleAgentMessageFinalizeRecordInput, PuzzleAgentMessageRecord,
     PuzzleAgentMessageSubmitRecordInput, PuzzleAgentSessionCreateRecordInput,
     PuzzleAgentSessionRecord, PuzzleAgentSuggestedActionRecord, PuzzleAnchorItemRecord,
-    PuzzleAnchorPackRecord, PuzzleAudioAssetRecord, PuzzleBoardRecord, PuzzleCellPositionRecord,
+    PuzzleAnchorPackRecord, PuzzleAudioAssetRecord, PuzzleBackgroundCompileTaskClaimRecordInput,
+    PuzzleBackgroundCompileTaskReleaseRecordInput, PuzzleBoardRecord, PuzzleCellPositionRecord,
     PuzzleClearActionRequest, PuzzleClearActionResponse, PuzzleClearActionType,
     PuzzleClearBoardCell, PuzzleClearBoardSnapshot, PuzzleClearCardAsset, PuzzleClearDraftResponse,
     PuzzleClearGenerationStatus, PuzzleClearImageAsset, PuzzleClearNextLevelRequest,
diff --git a/server-rs/crates/spacetime-client/src/mapper.rs b/server-rs/crates/spacetime-client/src/mapper.rs
index c1f4c069..6ba49d7d 100644
--- a/server-rs/crates/spacetime-client/src/mapper.rs
+++ b/server-rs/crates/spacetime-client/src/mapper.rs
@@ -101,7 +101,8 @@ pub use self::puzzle::{
     PuzzleAgentMessageFinalizeRecordInput, PuzzleAgentMessageRecord,
     PuzzleAgentMessageSubmitRecordInput, PuzzleAgentSessionCreateRecordInput,
     PuzzleAgentSessionRecord, PuzzleAgentSuggestedActionRecord, PuzzleAnchorItemRecord,
-    PuzzleAnchorPackRecord, PuzzleAudioAssetRecord, PuzzleBoardRecord, PuzzleCellPositionRecord,
+    PuzzleAnchorPackRecord, PuzzleAudioAssetRecord, PuzzleBackgroundCompileTaskClaimRecordInput,
+    PuzzleBackgroundCompileTaskReleaseRecordInput, PuzzleBoardRecord, PuzzleCellPositionRecord,
     PuzzleCreatorIntentRecord, PuzzleDraftCompileFailureRecordInput, PuzzleDraftLevelRecord,
     PuzzleFormDraftRecord, PuzzleFormDraftSaveRecordInput, PuzzleGalleryCardRecord,
     PuzzleGeneratedImageCandidateRecord, PuzzleGeneratedImagesSaveRecordInput,
@@ -199,10 +200,10 @@ pub(crate) use self::public_work::{
     map_public_work_gallery_entry, map_public_work_gallery_entry_to_detail_entry,
 };
 pub(crate) use self::puzzle::{
-    map_puzzle_agent_session_procedure_result, map_puzzle_gallery_card_view_row,
-    map_puzzle_run_procedure_result, map_puzzle_work_procedure_result,
-    map_puzzle_works_procedure_result, map_runtime_profile_wallet_ledger_source_type_back,
-    parse_puzzle_agent_stage_record,
+    map_puzzle_agent_session_procedure_result, map_puzzle_background_compile_task_procedure_result,
+    map_puzzle_gallery_card_view_row, map_puzzle_run_procedure_result,
+    map_puzzle_work_procedure_result, map_puzzle_works_procedure_result,
+    map_runtime_profile_wallet_ledger_source_type_back, parse_puzzle_agent_stage_record,
 };
 pub(crate) use self::puzzle_clear::{
     map_puzzle_clear_agent_session_procedure_result, map_puzzle_clear_gallery_card_view_row,
diff --git a/server-rs/crates/spacetime-client/src/mapper/puzzle.rs b/server-rs/crates/spacetime-client/src/mapper/puzzle.rs
index ae57c440..d11564de 100644
--- a/server-rs/crates/spacetime-client/src/mapper/puzzle.rs
+++ b/server-rs/crates/spacetime-client/src/mapper/puzzle.rs
@@ -13,6 +13,16 @@ pub(crate) fn map_puzzle_agent_session_procedure_result(
     Ok(map_puzzle_agent_session_snapshot(session))
 }
 
+pub(crate) fn map_puzzle_background_compile_task_procedure_result(
+    result: PuzzleBackgroundCompileTaskProcedureResult,
+) -> Result<bool, SpacetimeClientError> {
+    if !result.ok {
+        return Err(SpacetimeClientError::procedure_failed(result.error_message));
+    }
+
+    Ok(result.claimed)
+}
+
 pub(crate) fn map_puzzle_work_procedure_result(
     result: PuzzleWorkProcedureResult,
 ) -> Result<PuzzleWorkProfileRecord, SpacetimeClientError> {
@@ -614,6 +624,23 @@ pub struct PuzzleFormDraftSaveRecordInput {
     pub saved_at_micros: i64,
 }
 
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct PuzzleBackgroundCompileTaskClaimRecordInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+    pub claimed_at_micros: i64,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct PuzzleBackgroundCompileTaskReleaseRecordInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+}
+
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct PuzzleAgentMessageSubmitRecordInput {
     pub session_id: String,
diff --git a/server-rs/crates/spacetime-client/src/module_bindings.rs b/server-rs/crates/spacetime-client/src/module_bindings.rs
index cb53cae4..55677168 100644
--- a/server-rs/crates/spacetime-client/src/module_bindings.rs
+++ b/server-rs/crates/spacetime-client/src/module_bindings.rs
@@ -204,6 +204,7 @@ pub mod chapter_progression_table;
 pub mod chapter_progression_type;
 pub mod checkpoint_wooden_fish_run_procedure;
 pub mod claim_profile_task_reward_and_return_procedure;
+pub mod claim_puzzle_background_compile_task_procedure;
 pub mod claim_puzzle_work_point_incentive_procedure;
 pub mod clear_database_migration_import_chunks_procedure;
 pub mod clear_platform_browse_history_and_return_procedure;
@@ -628,6 +629,11 @@ pub mod puzzle_anchor_item_type;
 pub mod puzzle_anchor_pack_type;
 pub mod puzzle_anchor_status_type;
 pub mod puzzle_audio_asset_type;
+pub mod puzzle_background_compile_task_claim_input_type;
+pub mod puzzle_background_compile_task_procedure_result_type;
+pub mod puzzle_background_compile_task_release_input_type;
+pub mod puzzle_background_compile_task_row_type;
+pub mod puzzle_background_compile_task_table;
 pub mod puzzle_board_snapshot_type;
 pub mod puzzle_cell_position_type;
 pub mod puzzle_clear_agent_session_create_input_type;
@@ -766,6 +772,7 @@ pub mod redeem_profile_reward_code_procedure;
 pub mod refresh_session_table;
 pub mod refresh_session_type;
 pub mod refund_profile_wallet_points_and_return_procedure;
+pub mod release_puzzle_background_compile_task_procedure;
 pub mod remix_big_fish_work_procedure;
 pub mod remix_custom_world_profile_procedure;
 pub mod remix_puzzle_work_procedure;
@@ -1312,6 +1319,7 @@ pub use chapter_progression_table::*;
 pub use chapter_progression_type::ChapterProgression;
 pub use checkpoint_wooden_fish_run_procedure::checkpoint_wooden_fish_run;
 pub use claim_profile_task_reward_and_return_procedure::claim_profile_task_reward_and_return;
+pub use claim_puzzle_background_compile_task_procedure::claim_puzzle_background_compile_task;
 pub use claim_puzzle_work_point_incentive_procedure::claim_puzzle_work_point_incentive;
 pub use clear_database_migration_import_chunks_procedure::clear_database_migration_import_chunks;
 pub use clear_platform_browse_history_and_return_procedure::clear_platform_browse_history_and_return;
@@ -1736,6 +1744,11 @@ pub use puzzle_anchor_item_type::PuzzleAnchorItem;
 pub use puzzle_anchor_pack_type::PuzzleAnchorPack;
 pub use puzzle_anchor_status_type::PuzzleAnchorStatus;
 pub use puzzle_audio_asset_type::PuzzleAudioAsset;
+pub use puzzle_background_compile_task_claim_input_type::PuzzleBackgroundCompileTaskClaimInput;
+pub use puzzle_background_compile_task_procedure_result_type::PuzzleBackgroundCompileTaskProcedureResult;
+pub use puzzle_background_compile_task_release_input_type::PuzzleBackgroundCompileTaskReleaseInput;
+pub use puzzle_background_compile_task_row_type::PuzzleBackgroundCompileTaskRow;
+pub use puzzle_background_compile_task_table::*;
 pub use puzzle_board_snapshot_type::PuzzleBoardSnapshot;
 pub use puzzle_cell_position_type::PuzzleCellPosition;
 pub use puzzle_clear_agent_session_create_input_type::PuzzleClearAgentSessionCreateInput;
@@ -1874,6 +1887,7 @@ pub use redeem_profile_reward_code_procedure::redeem_profile_reward_code;
 pub use refresh_session_table::*;
 pub use refresh_session_type::RefreshSession;
 pub use refund_profile_wallet_points_and_return_procedure::refund_profile_wallet_points_and_return;
+pub use release_puzzle_background_compile_task_procedure::release_puzzle_background_compile_task;
 pub use remix_big_fish_work_procedure::remix_big_fish_work;
 pub use remix_custom_world_profile_procedure::remix_custom_world_profile;
 pub use remix_puzzle_work_procedure::remix_puzzle_work;
@@ -2569,6 +2583,7 @@ pub struct DbUpdate {
     public_work_play_daily_stat: __sdk::TableUpdate<PublicWorkPlayDailyStat>,
     puzzle_agent_message: __sdk::TableUpdate<PuzzleAgentMessageRow>,
     puzzle_agent_session: __sdk::TableUpdate<PuzzleAgentSessionRow>,
+    puzzle_background_compile_task: __sdk::TableUpdate<PuzzleBackgroundCompileTaskRow>,
     puzzle_clear_agent_session: __sdk::TableUpdate<PuzzleClearAgentSessionRow>,
     puzzle_clear_event: __sdk::TableUpdate<PuzzleClearEventRow>,
     puzzle_clear_gallery_card_view: __sdk::TableUpdate<PuzzleClearGalleryCardViewRow>,
@@ -2854,6 +2869,11 @@ impl TryFrom<__ws::v2::TransactionUpdate> for DbUpdate {
                 "puzzle_agent_session" => db_update.puzzle_agent_session.append(
                     puzzle_agent_session_table::parse_table_update(table_update)?,
                 ),
+                "puzzle_background_compile_task" => {
+                    db_update.puzzle_background_compile_task.append(
+                        puzzle_background_compile_task_table::parse_table_update(table_update)?,
+                    )
+                }
                 "puzzle_clear_agent_session" => db_update.puzzle_clear_agent_session.append(
                     puzzle_clear_agent_session_table::parse_table_update(table_update)?,
                 ),
@@ -3373,6 +3393,12 @@ impl __sdk::DbUpdate for DbUpdate {
                 &self.puzzle_agent_session,
             )
             .with_updates_by_pk(|row| &row.session_id);
+        diff.puzzle_background_compile_task = cache
+            .apply_diff_to_table::<PuzzleBackgroundCompileTaskRow>(
+                "puzzle_background_compile_task",
+                &self.puzzle_background_compile_task,
+            )
+            .with_updates_by_pk(|row| &row.task_id);
         diff.puzzle_clear_agent_session = cache
             .apply_diff_to_table::<PuzzleClearAgentSessionRow>(
                 "puzzle_clear_agent_session",
@@ -3828,6 +3854,9 @@ impl __sdk::DbUpdate for DbUpdate {
                 "puzzle_agent_session" => db_update
                     .puzzle_agent_session
                     .append(__sdk::parse_row_list_as_inserts(table_rows.rows)?),
+                "puzzle_background_compile_task" => db_update
+                    .puzzle_background_compile_task
+                    .append(__sdk::parse_row_list_as_inserts(table_rows.rows)?),
                 "puzzle_clear_agent_session" => db_update
                     .puzzle_clear_agent_session
                     .append(__sdk::parse_row_list_as_inserts(table_rows.rows)?),
@@ -4192,6 +4221,9 @@ impl __sdk::DbUpdate for DbUpdate {
                 "puzzle_agent_session" => db_update
                     .puzzle_agent_session
                     .append(__sdk::parse_row_list_as_deletes(table_rows.rows)?),
+                "puzzle_background_compile_task" => db_update
+                    .puzzle_background_compile_task
+                    .append(__sdk::parse_row_list_as_deletes(table_rows.rows)?),
                 "puzzle_clear_agent_session" => db_update
                     .puzzle_clear_agent_session
                     .append(__sdk::parse_row_list_as_deletes(table_rows.rows)?),
@@ -4410,6 +4442,7 @@ pub struct AppliedDiff<'r> {
     public_work_play_daily_stat: __sdk::TableAppliedDiff<'r, PublicWorkPlayDailyStat>,
     puzzle_agent_message: __sdk::TableAppliedDiff<'r, PuzzleAgentMessageRow>,
     puzzle_agent_session: __sdk::TableAppliedDiff<'r, PuzzleAgentSessionRow>,
+    puzzle_background_compile_task: __sdk::TableAppliedDiff<'r, PuzzleBackgroundCompileTaskRow>,
     puzzle_clear_agent_session: __sdk::TableAppliedDiff<'r, PuzzleClearAgentSessionRow>,
     puzzle_clear_event: __sdk::TableAppliedDiff<'r, PuzzleClearEventRow>,
     puzzle_clear_gallery_card_view: __sdk::TableAppliedDiff<'r, PuzzleClearGalleryCardViewRow>,
@@ -4829,6 +4862,11 @@ impl<'r> __sdk::AppliedDiff<'r> for AppliedDiff<'r> {
             &self.puzzle_agent_session,
             event,
         );
+        callbacks.invoke_table_row_callbacks::<PuzzleBackgroundCompileTaskRow>(
+            "puzzle_background_compile_task",
+            &self.puzzle_background_compile_task,
+            event,
+        );
         callbacks.invoke_table_row_callbacks::<PuzzleClearAgentSessionRow>(
             "puzzle_clear_agent_session",
             &self.puzzle_clear_agent_session,
@@ -5766,6 +5804,7 @@ impl __sdk::SpacetimeModule for RemoteModule {
         public_work_play_daily_stat_table::register_table(client_cache);
         puzzle_agent_message_table::register_table(client_cache);
         puzzle_agent_session_table::register_table(client_cache);
+        puzzle_background_compile_task_table::register_table(client_cache);
         puzzle_clear_agent_session_table::register_table(client_cache);
         puzzle_clear_event_table::register_table(client_cache);
         puzzle_clear_gallery_card_view_table::register_table(client_cache);
@@ -5885,6 +5924,7 @@ impl __sdk::SpacetimeModule for RemoteModule {
         "public_work_play_daily_stat",
         "puzzle_agent_message",
         "puzzle_agent_session",
+        "puzzle_background_compile_task",
         "puzzle_clear_agent_session",
         "puzzle_clear_event",
         "puzzle_clear_gallery_card_view",
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/claim_puzzle_background_compile_task_procedure.rs b/server-rs/crates/spacetime-client/src/module_bindings/claim_puzzle_background_compile_task_procedure.rs
new file mode 100644
index 00000000..45b9de6d
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/claim_puzzle_background_compile_task_procedure.rs
@@ -0,0 +1,59 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+use super::puzzle_background_compile_task_claim_input_type::PuzzleBackgroundCompileTaskClaimInput;
+use super::puzzle_background_compile_task_procedure_result_type::PuzzleBackgroundCompileTaskProcedureResult;
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+struct ClaimPuzzleBackgroundCompileTaskArgs {
+    pub input: PuzzleBackgroundCompileTaskClaimInput,
+}
+
+impl __sdk::InModule for ClaimPuzzleBackgroundCompileTaskArgs {
+    type Module = super::RemoteModule;
+}
+
+#[allow(non_camel_case_types)]
+/// Extension trait for access to the procedure `claim_puzzle_background_compile_task`.
+///
+/// Implemented for [`super::RemoteProcedures`].
+pub trait claim_puzzle_background_compile_task {
+    fn claim_puzzle_background_compile_task(&self, input: PuzzleBackgroundCompileTaskClaimInput) {
+        self.claim_puzzle_background_compile_task_then(input, |_, _| {});
+    }
+
+    fn claim_puzzle_background_compile_task_then(
+        &self,
+        input: PuzzleBackgroundCompileTaskClaimInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<PuzzleBackgroundCompileTaskProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    );
+}
+
+impl claim_puzzle_background_compile_task for super::RemoteProcedures {
+    fn claim_puzzle_background_compile_task_then(
+        &self,
+        input: PuzzleBackgroundCompileTaskClaimInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<PuzzleBackgroundCompileTaskProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    ) {
+        self.imp
+            .invoke_procedure_with_callback::<_, PuzzleBackgroundCompileTaskProcedureResult>(
+                "claim_puzzle_background_compile_task",
+                ClaimPuzzleBackgroundCompileTaskArgs { input },
+                __callback,
+            );
+    }
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_claim_input_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_claim_input_type.rs
new file mode 100644
index 00000000..f721ad91
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_claim_input_type.rs
@@ -0,0 +1,19 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+pub struct PuzzleBackgroundCompileTaskClaimInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+    pub claimed_at_micros: i64,
+}
+
+impl __sdk::InModule for PuzzleBackgroundCompileTaskClaimInput {
+    type Module = super::RemoteModule;
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_procedure_result_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_procedure_result_type.rs
new file mode 100644
index 00000000..8c85082e
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_procedure_result_type.rs
@@ -0,0 +1,17 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+pub struct PuzzleBackgroundCompileTaskProcedureResult {
+    pub ok: bool,
+    pub claimed: bool,
+    pub error_message: Option<String>,
+}
+
+impl __sdk::InModule for PuzzleBackgroundCompileTaskProcedureResult {
+    type Module = super::RemoteModule;
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_release_input_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_release_input_type.rs
new file mode 100644
index 00000000..f4d983fa
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_release_input_type.rs
@@ -0,0 +1,18 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+pub struct PuzzleBackgroundCompileTaskReleaseInput {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+}
+
+impl __sdk::InModule for PuzzleBackgroundCompileTaskReleaseInput {
+    type Module = super::RemoteModule;
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_row_type.rs b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_row_type.rs
new file mode 100644
index 00000000..49e1bf07
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_row_type.rs
@@ -0,0 +1,66 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+pub struct PuzzleBackgroundCompileTaskRow {
+    pub task_id: String,
+    pub claim_id: String,
+    pub session_id: String,
+    pub owner_user_id: String,
+    pub created_at: __sdk::Timestamp,
+    pub updated_at: __sdk::Timestamp,
+}
+
+impl __sdk::InModule for PuzzleBackgroundCompileTaskRow {
+    type Module = super::RemoteModule;
+}
+
+/// Column accessor struct for the table `PuzzleBackgroundCompileTaskRow`.
+///
+/// Provides typed access to columns for query building.
+pub struct PuzzleBackgroundCompileTaskRowCols {
+    pub task_id: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, String>,
+    pub claim_id: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, String>,
+    pub session_id: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, String>,
+    pub owner_user_id: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, String>,
+    pub created_at: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, __sdk::Timestamp>,
+    pub updated_at: __sdk::__query_builder::Col<PuzzleBackgroundCompileTaskRow, __sdk::Timestamp>,
+}
+
+impl __sdk::__query_builder::HasCols for PuzzleBackgroundCompileTaskRow {
+    type Cols = PuzzleBackgroundCompileTaskRowCols;
+    fn cols(table_name: &'static str) -> Self::Cols {
+        PuzzleBackgroundCompileTaskRowCols {
+            task_id: __sdk::__query_builder::Col::new(table_name, "task_id"),
+            claim_id: __sdk::__query_builder::Col::new(table_name, "claim_id"),
+            session_id: __sdk::__query_builder::Col::new(table_name, "session_id"),
+            owner_user_id: __sdk::__query_builder::Col::new(table_name, "owner_user_id"),
+            created_at: __sdk::__query_builder::Col::new(table_name, "created_at"),
+            updated_at: __sdk::__query_builder::Col::new(table_name, "updated_at"),
+        }
+    }
+}
+
+/// Indexed column accessor struct for the table `PuzzleBackgroundCompileTaskRow`.
+///
+/// Provides typed access to indexed columns for query building.
+pub struct PuzzleBackgroundCompileTaskRowIxCols {
+    pub session_id: __sdk::__query_builder::IxCol<PuzzleBackgroundCompileTaskRow, String>,
+    pub task_id: __sdk::__query_builder::IxCol<PuzzleBackgroundCompileTaskRow, String>,
+}
+
+impl __sdk::__query_builder::HasIxCols for PuzzleBackgroundCompileTaskRow {
+    type IxCols = PuzzleBackgroundCompileTaskRowIxCols;
+    fn ix_cols(table_name: &'static str) -> Self::IxCols {
+        PuzzleBackgroundCompileTaskRowIxCols {
+            session_id: __sdk::__query_builder::IxCol::new(table_name, "session_id"),
+            task_id: __sdk::__query_builder::IxCol::new(table_name, "task_id"),
+        }
+    }
+}
+
+impl __sdk::__query_builder::CanBeLookupTable for PuzzleBackgroundCompileTaskRow {}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_table.rs b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_table.rs
new file mode 100644
index 00000000..227085b5
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/puzzle_background_compile_task_table.rs
@@ -0,0 +1,169 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use super::puzzle_background_compile_task_row_type::PuzzleBackgroundCompileTaskRow;
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+/// Table handle for the table `puzzle_background_compile_task`.
+///
+/// Obtain a handle from the [`PuzzleBackgroundCompileTaskTableAccess::puzzle_background_compile_task`] method on [`super::RemoteTables`],
+/// like `ctx.db.puzzle_background_compile_task()`.
+///
+/// Users are encouraged not to explicitly reference this type,
+/// but to directly chain method calls,
+/// like `ctx.db.puzzle_background_compile_task().on_insert(...)`.
+pub struct PuzzleBackgroundCompileTaskTableHandle<'ctx> {
+    imp: __sdk::TableHandle<PuzzleBackgroundCompileTaskRow>,
+    ctx: std::marker::PhantomData<&'ctx super::RemoteTables>,
+}
+
+#[allow(non_camel_case_types)]
+/// Extension trait for access to the table `puzzle_background_compile_task`.
+///
+/// Implemented for [`super::RemoteTables`].
+pub trait PuzzleBackgroundCompileTaskTableAccess {
+    #[allow(non_snake_case)]
+    /// Obtain a [`PuzzleBackgroundCompileTaskTableHandle`], which mediates access to the table `puzzle_background_compile_task`.
+    fn puzzle_background_compile_task(&self) -> PuzzleBackgroundCompileTaskTableHandle<'_>;
+}
+
+impl PuzzleBackgroundCompileTaskTableAccess for super::RemoteTables {
+    fn puzzle_background_compile_task(&self) -> PuzzleBackgroundCompileTaskTableHandle<'_> {
+        PuzzleBackgroundCompileTaskTableHandle {
+            imp: self
+                .imp
+                .get_table::<PuzzleBackgroundCompileTaskRow>("puzzle_background_compile_task"),
+            ctx: std::marker::PhantomData,
+        }
+    }
+}
+
+pub struct PuzzleBackgroundCompileTaskInsertCallbackId(__sdk::CallbackId);
+pub struct PuzzleBackgroundCompileTaskDeleteCallbackId(__sdk::CallbackId);
+
+impl<'ctx> __sdk::Table for PuzzleBackgroundCompileTaskTableHandle<'ctx> {
+    type Row = PuzzleBackgroundCompileTaskRow;
+    type EventContext = super::EventContext;
+
+    fn count(&self) -> u64 {
+        self.imp.count()
+    }
+    fn iter(&self) -> impl Iterator<Item = PuzzleBackgroundCompileTaskRow> + '_ {
+        self.imp.iter()
+    }
+
+    type InsertCallbackId = PuzzleBackgroundCompileTaskInsertCallbackId;
+
+    fn on_insert(
+        &self,
+        callback: impl FnMut(&Self::EventContext, &Self::Row) + Send + 'static,
+    ) -> PuzzleBackgroundCompileTaskInsertCallbackId {
+        PuzzleBackgroundCompileTaskInsertCallbackId(self.imp.on_insert(Box::new(callback)))
+    }
+
+    fn remove_on_insert(&self, callback: PuzzleBackgroundCompileTaskInsertCallbackId) {
+        self.imp.remove_on_insert(callback.0)
+    }
+
+    type DeleteCallbackId = PuzzleBackgroundCompileTaskDeleteCallbackId;
+
+    fn on_delete(
+        &self,
+        callback: impl FnMut(&Self::EventContext, &Self::Row) + Send + 'static,
+    ) -> PuzzleBackgroundCompileTaskDeleteCallbackId {
+        PuzzleBackgroundCompileTaskDeleteCallbackId(self.imp.on_delete(Box::new(callback)))
+    }
+
+    fn remove_on_delete(&self, callback: PuzzleBackgroundCompileTaskDeleteCallbackId) {
+        self.imp.remove_on_delete(callback.0)
+    }
+}
+
+pub struct PuzzleBackgroundCompileTaskUpdateCallbackId(__sdk::CallbackId);
+
+impl<'ctx> __sdk::TableWithPrimaryKey for PuzzleBackgroundCompileTaskTableHandle<'ctx> {
+    type UpdateCallbackId = PuzzleBackgroundCompileTaskUpdateCallbackId;
+
+    fn on_update(
+        &self,
+        callback: impl FnMut(&Self::EventContext, &Self::Row, &Self::Row) + Send + 'static,
+    ) -> PuzzleBackgroundCompileTaskUpdateCallbackId {
+        PuzzleBackgroundCompileTaskUpdateCallbackId(self.imp.on_update(Box::new(callback)))
+    }
+
+    fn remove_on_update(&self, callback: PuzzleBackgroundCompileTaskUpdateCallbackId) {
+        self.imp.remove_on_update(callback.0)
+    }
+}
+
+/// Access to the `task_id` unique index on the table `puzzle_background_compile_task`,
+/// which allows point queries on the field of the same name
+/// via the [`PuzzleBackgroundCompileTaskTaskIdUnique::find`] method.
+///
+/// Users are encouraged not to explicitly reference this type,
+/// but to directly chain method calls,
+/// like `ctx.db.puzzle_background_compile_task().task_id().find(...)`.
+pub struct PuzzleBackgroundCompileTaskTaskIdUnique<'ctx> {
+    imp: __sdk::UniqueConstraintHandle<PuzzleBackgroundCompileTaskRow, String>,
+    phantom: std::marker::PhantomData<&'ctx super::RemoteTables>,
+}
+
+impl<'ctx> PuzzleBackgroundCompileTaskTableHandle<'ctx> {
+    /// Get a handle on the `task_id` unique index on the table `puzzle_background_compile_task`.
+    pub fn task_id(&self) -> PuzzleBackgroundCompileTaskTaskIdUnique<'ctx> {
+        PuzzleBackgroundCompileTaskTaskIdUnique {
+            imp: self.imp.get_unique_constraint::<String>("task_id"),
+            phantom: std::marker::PhantomData,
+        }
+    }
+}
+
+impl<'ctx> PuzzleBackgroundCompileTaskTaskIdUnique<'ctx> {
+    /// Find the subscribed row whose `task_id` column value is equal to `col_val`,
+    /// if such a row is present in the client cache.
+    pub fn find(&self, col_val: &String) -> Option<PuzzleBackgroundCompileTaskRow> {
+        self.imp.find(col_val)
+    }
+}
+
+#[doc(hidden)]
+pub(super) fn register_table(client_cache: &mut __sdk::ClientCache<super::RemoteModule>) {
+    let _table = client_cache
+        .get_or_make_table::<PuzzleBackgroundCompileTaskRow>("puzzle_background_compile_task");
+    _table.add_unique_constraint::<String>("task_id", |row| &row.task_id);
+}
+
+#[doc(hidden)]
+pub(super) fn parse_table_update(
+    raw_updates: __ws::v2::TableUpdate,
+) -> __sdk::Result<__sdk::TableUpdate<PuzzleBackgroundCompileTaskRow>> {
+    __sdk::TableUpdate::parse_table_update(raw_updates).map_err(|e| {
+        __sdk::InternalError::failed_parse(
+            "TableUpdate<PuzzleBackgroundCompileTaskRow>",
+            "TableUpdate",
+        )
+        .with_cause(e)
+        .into()
+    })
+}
+
+#[allow(non_camel_case_types)]
+/// Extension trait for query builder access to the table `PuzzleBackgroundCompileTaskRow`.
+///
+/// Implemented for [`__sdk::QueryTableAccessor`].
+pub trait puzzle_background_compile_taskQueryTableAccess {
+    #[allow(non_snake_case)]
+    /// Get a query builder for the table `PuzzleBackgroundCompileTaskRow`.
+    fn puzzle_background_compile_task(
+        &self,
+    ) -> __sdk::__query_builder::Table<PuzzleBackgroundCompileTaskRow>;
+}
+
+impl puzzle_background_compile_taskQueryTableAccess for __sdk::QueryTableAccessor {
+    fn puzzle_background_compile_task(
+        &self,
+    ) -> __sdk::__query_builder::Table<PuzzleBackgroundCompileTaskRow> {
+        __sdk::__query_builder::Table::new("puzzle_background_compile_task")
+    }
+}
diff --git a/server-rs/crates/spacetime-client/src/module_bindings/release_puzzle_background_compile_task_procedure.rs b/server-rs/crates/spacetime-client/src/module_bindings/release_puzzle_background_compile_task_procedure.rs
new file mode 100644
index 00000000..3b85afae
--- /dev/null
+++ b/server-rs/crates/spacetime-client/src/module_bindings/release_puzzle_background_compile_task_procedure.rs
@@ -0,0 +1,62 @@
+// THIS FILE IS AUTOMATICALLY GENERATED BY SPACETIMEDB. EDITS TO THIS FILE
+// WILL NOT BE SAVED. MODIFY TABLES IN YOUR MODULE SOURCE CODE INSTEAD.
+
+#![allow(unused, clippy::all)]
+use spacetimedb_sdk::__codegen::{self as __sdk, __lib, __sats, __ws};
+
+use super::puzzle_background_compile_task_procedure_result_type::PuzzleBackgroundCompileTaskProcedureResult;
+use super::puzzle_background_compile_task_release_input_type::PuzzleBackgroundCompileTaskReleaseInput;
+
+#[derive(__lib::ser::Serialize, __lib::de::Deserialize, Clone, PartialEq, Debug)]
+#[sats(crate = __lib)]
+struct ReleasePuzzleBackgroundCompileTaskArgs {
+    pub input: PuzzleBackgroundCompileTaskReleaseInput,
+}
+
+impl __sdk::InModule for ReleasePuzzleBackgroundCompileTaskArgs {
+    type Module = super::RemoteModule;
+}
+
+#[allow(non_camel_case_types)]
+/// Extension trait for access to the procedure `release_puzzle_background_compile_task`.
+///
+/// Implemented for [`super::RemoteProcedures`].
+pub trait release_puzzle_background_compile_task {
+    fn release_puzzle_background_compile_task(
+        &self,
+        input: PuzzleBackgroundCompileTaskReleaseInput,
+    ) {
+        self.release_puzzle_background_compile_task_then(input, |_, _| {});
+    }
+
+    fn release_puzzle_background_compile_task_then(
+        &self,
+        input: PuzzleBackgroundCompileTaskReleaseInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<PuzzleBackgroundCompileTaskProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    );
+}
+
+impl release_puzzle_background_compile_task for super::RemoteProcedures {
+    fn release_puzzle_background_compile_task_then(
+        &self,
+        input: PuzzleBackgroundCompileTaskReleaseInput,
+
+        __callback: impl FnOnce(
+                &super::ProcedureEventContext,
+                Result<PuzzleBackgroundCompileTaskProcedureResult, __sdk::InternalError>,
+            ) + Send
+            + 'static,
+    ) {
+        self.imp
+            .invoke_procedure_with_callback::<_, PuzzleBackgroundCompileTaskProcedureResult>(
+                "release_puzzle_background_compile_task",
+                ReleasePuzzleBackgroundCompileTaskArgs { input },
+                __callback,
+            );
+    }
+}
diff --git a/server-rs/crates/spacetime-client/src/puzzle.rs b/server-rs/crates/spacetime-client/src/puzzle.rs
index 25ec5ad9..8916e853 100644
--- a/server-rs/crates/spacetime-client/src/puzzle.rs
+++ b/server-rs/crates/spacetime-client/src/puzzle.rs
@@ -1,8 +1,10 @@
 use super::*;
 use crate::mapper::*;
+use crate::module_bindings::claim_puzzle_background_compile_task_procedure::claim_puzzle_background_compile_task;
 use crate::module_bindings::claim_puzzle_work_point_incentive_procedure::claim_puzzle_work_point_incentive;
 use crate::module_bindings::delete_puzzle_work_procedure::delete_puzzle_work;
 use crate::module_bindings::record_puzzle_work_like_procedure::record_puzzle_work_like;
+use crate::module_bindings::release_puzzle_background_compile_task_procedure::release_puzzle_background_compile_task;
 use crate::module_bindings::remix_puzzle_work_procedure::remix_puzzle_work;
 use crate::module_bindings::save_puzzle_ui_background_procedure::save_puzzle_ui_background;
 
@@ -194,6 +196,67 @@ impl SpacetimeClient {
         .await
     }
 
+    pub async fn claim_puzzle_background_compile_task(
+        &self,
+        input: PuzzleBackgroundCompileTaskClaimRecordInput,
+    ) -> Result<bool, SpacetimeClientError> {
+        let procedure_input = PuzzleBackgroundCompileTaskClaimInput {
+            task_id: input.task_id,
+            claim_id: input.claim_id,
+            session_id: input.session_id,
+            owner_user_id: input.owner_user_id,
+            claimed_at_micros: input.claimed_at_micros,
+        };
+
+        self.call_after_connect(
+            "claim_puzzle_background_compile_task",
+            move |connection, sender| {
+                connection
+                    .procedures()
+                    .claim_puzzle_background_compile_task_then(
+                        procedure_input,
+                        move |_, result| {
+                            let mapped = result
+                                .map_err(SpacetimeClientError::from_sdk_error)
+                                .and_then(map_puzzle_background_compile_task_procedure_result);
+                            send_once(&sender, mapped);
+                        },
+                    );
+            },
+        )
+        .await
+    }
+
+    pub async fn release_puzzle_background_compile_task(
+        &self,
+        input: PuzzleBackgroundCompileTaskReleaseRecordInput,
+    ) -> Result<bool, SpacetimeClientError> {
+        let procedure_input = PuzzleBackgroundCompileTaskReleaseInput {
+            task_id: input.task_id,
+            claim_id: input.claim_id,
+            session_id: input.session_id,
+            owner_user_id: input.owner_user_id,
+        };
+
+        self.call_after_connect(
+            "release_puzzle_background_compile_task",
+            move |connection, sender| {
+                connection
+                    .procedures()
+                    .release_puzzle_background_compile_task_then(
+                        procedure_input,
+                        move |_, result| {
+                            let mapped = result
+                                .map_err(SpacetimeClientError::from_sdk_error)
+                                .and_then(map_puzzle_background_compile_task_procedure_result);
+                            send_once(&sender, mapped);
+                        },
+                    );
+            },
+        )
+        .await
+    }
+
     pub async fn save_puzzle_generated_images(
         &self,
         input: PuzzleGeneratedImagesSaveRecordInput,
diff --git a/server-rs/crates/spacetime-module/src/migration.rs b/server-rs/crates/spacetime-module/src/migration.rs
index 6f249e3b..6de73df5 100644
--- a/server-rs/crates/spacetime-module/src/migration.rs
+++ b/server-rs/crates/spacetime-module/src/migration.rs
@@ -20,8 +20,8 @@ use crate::match3d::tables::{
     match_3_d_work_profile, match3d_agent_message, match3d_agent_session, match3d_runtime_run,
 };
 use crate::puzzle::{
-    puzzle_agent_message, puzzle_agent_session, puzzle_event, puzzle_leaderboard_entry,
-    puzzle_runtime_run, puzzle_work_profile,
+    puzzle_agent_message, puzzle_agent_session, puzzle_background_compile_task, puzzle_event,
+    puzzle_leaderboard_entry, puzzle_runtime_run, puzzle_work_profile,
 };
 use crate::puzzle_clear::tables::{
     puzzle_clear_agent_session, puzzle_clear_event, puzzle_clear_runtime_run,
@@ -229,6 +229,7 @@ macro_rules! migration_tables {
             asset_entity_binding,
             asset_event,
             puzzle_agent_session,
+            puzzle_background_compile_task,
             puzzle_agent_message,
             puzzle_work_profile,
             puzzle_event,
diff --git a/server-rs/crates/spacetime-module/src/puzzle.rs b/server-rs/crates/spacetime-module/src/puzzle.rs
index c5ed877c..2106cccb 100644
--- a/server-rs/crates/spacetime-module/src/puzzle.rs
+++ b/server-rs/crates/spacetime-module/src/puzzle.rs
@@ -10,14 +10,16 @@ use module_puzzle::{
     PUZZLE_NEXT_LEVEL_MODE_SIMILAR_WORKS, PuzzleAgentMessageFinalizeInput, PuzzleAgentMessageKind,
     PuzzleAgentMessageRole, PuzzleAgentMessageSnapshot, PuzzleAgentSessionCreateInput,
     PuzzleAgentSessionGetInput, PuzzleAgentSessionProcedureResult, PuzzleAgentSessionSnapshot,
-    PuzzleAgentStage, PuzzleAnchorPack, PuzzleDraftCompileFailureInput, PuzzleDraftCompileInput,
-    PuzzleFormDraftSaveInput, PuzzleGeneratedImageCandidate, PuzzleGeneratedImagesSaveInput,
-    PuzzleLeaderboardEntry, PuzzleLeaderboardSubmitInput, PuzzlePublicationStatus,
-    PuzzlePublishInput, PuzzleRecommendedNextWork, PuzzleResultDraft, PuzzleRunDragInput,
-    PuzzleRunGetInput, PuzzleRunNextLevelInput, PuzzleRunPauseInput, PuzzleRunProcedureResult,
-    PuzzleRunPropInput, PuzzleRunSnapshot, PuzzleRunStartInput, PuzzleRunSwapInput,
-    PuzzleRuntimeLevelStatus, PuzzleSelectCoverImageInput, PuzzleUiBackgroundSaveInput,
-    PuzzleWorkDeleteInput, PuzzleWorkGetInput, PuzzleWorkLikeRecordInput as PuzzleWorkLikeInput,
+    PuzzleAgentStage, PuzzleAnchorPack, PuzzleBackgroundCompileTaskClaimInput,
+    PuzzleBackgroundCompileTaskProcedureResult, PuzzleBackgroundCompileTaskReleaseInput,
+    PuzzleDraftCompileFailureInput, PuzzleDraftCompileInput, PuzzleFormDraftSaveInput,
+    PuzzleGeneratedImageCandidate, PuzzleGeneratedImagesSaveInput, PuzzleLeaderboardEntry,
+    PuzzleLeaderboardSubmitInput, PuzzlePublicationStatus, PuzzlePublishInput,
+    PuzzleRecommendedNextWork, PuzzleResultDraft, PuzzleRunDragInput, PuzzleRunGetInput,
+    PuzzleRunNextLevelInput, PuzzleRunPauseInput, PuzzleRunProcedureResult, PuzzleRunPropInput,
+    PuzzleRunSnapshot, PuzzleRunStartInput, PuzzleRunSwapInput, PuzzleRuntimeLevelStatus,
+    PuzzleSelectCoverImageInput, PuzzleUiBackgroundSaveInput, PuzzleWorkDeleteInput,
+    PuzzleWorkGetInput, PuzzleWorkLikeRecordInput as PuzzleWorkLikeInput,
     PuzzleWorkPointIncentiveClaimInput, PuzzleWorkProcedureResult, PuzzleWorkProfile,
     PuzzleWorkRemixInput, PuzzleWorkUpsertInput, PuzzleWorksListInput, PuzzleWorksProcedureResult,
     apply_publish_overrides_to_draft, apply_selected_candidate, build_form_draft_from_seed,
@@ -38,6 +40,7 @@ use spacetimedb::{
 use crate::auth::user_account;
 
 const PUZZLE_POINT_INCENTIVE_DEFAULT_U64: u64 = 0;
+const PUZZLE_BACKGROUND_COMPILE_TASK_LEASE_MICROS: i64 = 30 * 60 * 1_000_000;
 const WORK_VISIBLE_DEFAULT: bool = true;
 
 /// 拼图 Agent session 真相表。
@@ -62,6 +65,22 @@ pub struct PuzzleAgentSessionRow {
     updated_at: Timestamp,
 }
 
+/// 拼图首图后台编译活动任务表。
+/// 中文注释：该表只保存跨 api-server 实例互斥 claim，不表达最终生成结果。
+#[spacetimedb::table(
+    accessor = puzzle_background_compile_task,
+    index(accessor = by_puzzle_background_compile_task_session_id, btree(columns = [session_id]))
+)]
+pub struct PuzzleBackgroundCompileTaskRow {
+    #[primary_key]
+    task_id: String,
+    claim_id: String,
+    session_id: String,
+    owner_user_id: String,
+    created_at: Timestamp,
+    updated_at: Timestamp,
+}
+
 /// 拼图 Agent 消息真相表。
 #[spacetimedb::table(
     accessor = puzzle_agent_message,
@@ -388,6 +407,44 @@ pub fn mark_puzzle_draft_generation_failed(
     }
 }
 
+#[spacetimedb::procedure]
+pub fn claim_puzzle_background_compile_task(
+    ctx: &mut ProcedureContext,
+    input: PuzzleBackgroundCompileTaskClaimInput,
+) -> PuzzleBackgroundCompileTaskProcedureResult {
+    match ctx.try_with_tx(|tx| claim_puzzle_background_compile_task_tx(tx, input.clone())) {
+        Ok(claimed) => PuzzleBackgroundCompileTaskProcedureResult {
+            ok: true,
+            claimed,
+            error_message: None,
+        },
+        Err(message) => PuzzleBackgroundCompileTaskProcedureResult {
+            ok: false,
+            claimed: false,
+            error_message: Some(message),
+        },
+    }
+}
+
+#[spacetimedb::procedure]
+pub fn release_puzzle_background_compile_task(
+    ctx: &mut ProcedureContext,
+    input: PuzzleBackgroundCompileTaskReleaseInput,
+) -> PuzzleBackgroundCompileTaskProcedureResult {
+    match ctx.try_with_tx(|tx| release_puzzle_background_compile_task_tx(tx, input.clone())) {
+        Ok(released) => PuzzleBackgroundCompileTaskProcedureResult {
+            ok: true,
+            claimed: released,
+            error_message: None,
+        },
+        Err(message) => PuzzleBackgroundCompileTaskProcedureResult {
+            ok: false,
+            claimed: false,
+            error_message: Some(message),
+        },
+    }
+}
+
 /// 保存拼图入口表单草稿。
 /// 中文注释：该 procedure 只更新 session 与创作中心草稿卡，不触发图片生成或发布校验。
 #[spacetimedb::procedure]
@@ -1024,6 +1081,84 @@ fn compile_puzzle_agent_draft_tx(
     )
 }
 
+fn claim_puzzle_background_compile_task_tx(
+    ctx: &TxContext,
+    input: PuzzleBackgroundCompileTaskClaimInput,
+) -> Result<bool, String> {
+    let task_id = normalize_required_puzzle_task_field(&input.task_id, "拼图后台任务 ID")?;
+    let claim_id = normalize_required_puzzle_task_field(&input.claim_id, "拼图后台任务 claim ID")?;
+    let session_id = normalize_required_puzzle_task_field(&input.session_id, "拼图 session ID")?;
+    let owner_user_id = normalize_required_puzzle_task_field(&input.owner_user_id, "拼图用户 ID")?;
+    let claimed_at = Timestamp::from_micros_since_unix_epoch(input.claimed_at_micros);
+
+    get_owned_session_row(ctx, &session_id, &owner_user_id)?;
+    if let Some(existing) = ctx
+        .db
+        .puzzle_background_compile_task()
+        .task_id()
+        .find(&task_id)
+    {
+        if !is_stale_puzzle_background_compile_task(&existing, input.claimed_at_micros) {
+            return Ok(false);
+        }
+        ctx.db
+            .puzzle_background_compile_task()
+            .task_id()
+            .delete(&task_id);
+    }
+
+    ctx.db
+        .puzzle_background_compile_task()
+        .insert(PuzzleBackgroundCompileTaskRow {
+            task_id,
+            claim_id,
+            session_id,
+            owner_user_id,
+            created_at: claimed_at,
+            updated_at: claimed_at,
+        });
+    Ok(true)
+}
+
+fn release_puzzle_background_compile_task_tx(
+    ctx: &TxContext,
+    input: PuzzleBackgroundCompileTaskReleaseInput,
+) -> Result<bool, String> {
+    let task_id = normalize_required_puzzle_task_field(&input.task_id, "拼图后台任务 ID")?;
+    let claim_id = normalize_required_puzzle_task_field(&input.claim_id, "拼图后台任务 claim ID")?;
+    let session_id = normalize_required_puzzle_task_field(&input.session_id, "拼图 session ID")?;
+    let owner_user_id = normalize_required_puzzle_task_field(&input.owner_user_id, "拼图用户 ID")?;
+
+    let Some(row) = ctx
+        .db
+        .puzzle_background_compile_task()
+        .task_id()
+        .find(&task_id)
+    else {
+        return Ok(false);
+    };
+    if row.session_id != session_id || row.owner_user_id != owner_user_id {
+        return Err("无权释放该拼图后台任务".to_string());
+    }
+    if row.claim_id != claim_id {
+        return Ok(false);
+    }
+
+    ctx.db
+        .puzzle_background_compile_task()
+        .task_id()
+        .delete(&task_id);
+    Ok(true)
+}
+
+fn is_stale_puzzle_background_compile_task(
+    row: &PuzzleBackgroundCompileTaskRow,
+    now_micros: i64,
+) -> bool {
+    now_micros.saturating_sub(row.updated_at.to_micros_since_unix_epoch())
+        >= PUZZLE_BACKGROUND_COMPILE_TASK_LEASE_MICROS
+}
+
 fn mark_puzzle_draft_generation_failed_tx(
     ctx: &TxContext,
     input: PuzzleDraftCompileFailureInput,
@@ -2950,6 +3085,14 @@ fn get_owned_session_row(
     Ok(row)
 }
 
+fn normalize_required_puzzle_task_field(value: &str, field_name: &str) -> Result<String, String> {
+    let normalized = value.trim();
+    if normalized.is_empty() {
+        return Err(format!("{field_name} 不能为空"));
+    }
+    Ok(normalized.to_string())
+}
+
 fn get_owned_run_row(
     ctx: &TxContext,
     run_id: &str,
diff --git a/src/services/apiClient.test.ts b/src/services/apiClient.test.ts
index 9f657156..d57a6dac 100644
--- a/src/services/apiClient.test.ts
+++ b/src/services/apiClient.test.ts
@@ -66,6 +66,9 @@ describe('apiClient', () => {
       dispatchEvent: dispatchEventMock,
       localStorage: createLocalStorageMock(),
     });
+    vi.stubGlobal('crypto', {
+      randomUUID: () => '11111111-2222-3333-4444-555555555555',
+    });
     fetchMock.mockReset();
     dispatchEventMock.mockReset();
     clearStoredAccessToken({ emit: false });
@@ -121,6 +124,7 @@ describe('apiClient', () => {
         credentials: 'same-origin',
         headers: expect.objectContaining({
           Authorization: 'Bearer expired-token',
+          'x-request-id': 'web-11111111-2222-3333-4444-555555555555',
           'x-genarrative-response-envelope': 'v1',
         }),
       }),
@@ -140,6 +144,7 @@ describe('apiClient', () => {
         credentials: 'same-origin',
         headers: expect.objectContaining({
           Authorization: 'Bearer fresh-token',
+          'x-request-id': 'web-11111111-2222-3333-4444-555555555555',
         }),
       }),
     );
diff --git a/src/services/apiClient.ts b/src/services/apiClient.ts
index 7d106555..bf8eacd4 100644
--- a/src/services/apiClient.ts
+++ b/src/services/apiClient.ts
@@ -40,6 +40,8 @@ export type ApiRequestOptions = {
   notifyAuthStateChange?: boolean;
   // 推荐页自动加载作品这类局部后台请求失败时，只应让当前卡片报错，不应清空全局登录态。
   clearAuthOnUnauthorized?: boolean;
+  // 同一次业务请求在客户端重试时复用 request id，后端据此做计费幂等。
+  requestId?: string;
 };
 
 export const BACKGROUND_AUTH_REQUEST_OPTIONS = {
@@ -99,6 +101,22 @@ function normalizeHeaders(headers?: HeadersInit) {
   return nextHeaders;
 }
 
+function buildClientRequestId() {
+  const randomId =
+    typeof crypto !== 'undefined' && typeof crypto.randomUUID === 'function'
+      ? crypto.randomUUID()
+      : `${Date.now().toString(36)}-${Math.random().toString(36).slice(2)}`;
+  return `web-${randomId}`;
+}
+
+function resolveRequestIdHeader(headers: Record<string, string>, options: ApiRequestOptions) {
+  const explicitRequestId = options.requestId?.trim();
+  const existingRequestId = Object.entries(headers).find(
+    ([key, value]) => key.toLowerCase() === REQUEST_ID_HEADER && value.trim(),
+  )?.[1];
+  return explicitRequestId || existingRequestId || buildClientRequestId();
+}
+
 function coerceMeta(value: unknown): Partial<ApiMeta> {
   if (!isRecord(value)) {
     return {};
@@ -582,12 +600,14 @@ export async function fetchWithApiAuth(
   const retry = resolveRetryOptions(method, options.retry);
   const authFailurePolicy = resolveAuthFailurePolicy(options);
   const requestSignal = init.signal ?? undefined;
+  const requestId = resolveRequestIdHeader(normalizeHeaders(init.headers), options);
   let attempt = 0;
   let refreshAttempted = false;
 
   for (;;) {
     try {
       let requestHeaders = withAuthorizationHeaders(init.headers, options);
+      requestHeaders[REQUEST_ID_HEADER] = requestId;
       let hasAuthHeader = Boolean(
         requestHeaders.Authorization?.trim() ||
           requestHeaders.authorization?.trim(),
@@ -603,6 +623,7 @@ export async function fetchWithApiAuth(
           // 避免把后端原始 “缺少 Bearer Token” 直接暴露给业务 UI。
           await ensureStoredAccessToken();
           requestHeaders = withAuthorizationHeaders(init.headers, options);
+          requestHeaders[REQUEST_ID_HEADER] = requestId;
           hasAuthHeader = Boolean(
             requestHeaders.Authorization?.trim() ||
               requestHeaders.authorization?.trim(),

From b54cbafc540875e59ff89ccb28de58d1f3c78cd6 Mon Sep 17 00:00:00 2001
From: kdletters <kdletters@qq.com>
Date: Thu, 11 Jun 2026 22:33:05 +0800
Subject: [PATCH 9/9] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=9C=AC=E5=9C=B0?=
 =?UTF-8?q?=E6=9C=8D=E5=8A=A1=E5=99=A8=E7=AE=A1=E7=90=86=E9=9D=A2=E6=9D=BF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

新增 egui 服务器管理面板并支持 SSH alias 多服务器巡检

接入硬件状态、服务状态、HTTP 探测和生产巡检状态展示

增加受控 systemd 启动关闭重启操作和中文字体注入

补充本地服务器面板技术方案与团队共享记忆
---
 .hermes/shared-memory/decision-log.md         |    8 +
 .hermes/shared-memory/development-workflow.md |    9 +
 docs/README.md                                |    2 +
 ...��】本地SSH服务器管理面板技术方案-2026-06-11.md |   82 +
 package.json                                  |    1 +
 server-rs/Cargo.lock                          | 1779 ++++++++++++++++-
 server-rs/Cargo.toml                          |    1 +
 .../crates/server-manager-panel/Cargo.toml    |   13 +
 .../crates/server-manager-panel/src/app.rs    |  577 ++++++
 .../crates/server-manager-panel/src/fonts.rs  |  128 ++
 .../crates/server-manager-panel/src/health.rs |  474 +++++
 .../crates/server-manager-panel/src/lib.rs    |    5 +
 .../crates/server-manager-panel/src/main.rs   |   21 +
 .../crates/server-manager-panel/src/remote.rs |  231 +++
 .../server-manager-panel/src/ssh_config.rs    |  143 ++
 15 files changed, 3455 insertions(+), 19 deletions(-)
 create mode 100644 docs/technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md
 create mode 100644 server-rs/crates/server-manager-panel/Cargo.toml
 create mode 100644 server-rs/crates/server-manager-panel/src/app.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/fonts.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/health.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/lib.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/main.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/remote.rs
 create mode 100644 server-rs/crates/server-manager-panel/src/ssh_config.rs

diff --git a/.hermes/shared-memory/decision-log.md b/.hermes/shared-memory/decision-log.md
index dacfd637..9b254533 100644
--- a/.hermes/shared-memory/decision-log.md
+++ b/.hermes/shared-memory/decision-log.md
@@ -16,6 +16,14 @@
 
 ---
 
+## 2026-06-11 本地服务器管理入口采用 SSH alias + egui 桌面面板
+
+- 背景：release / dev 等服务器的日常巡检已有 systemd、健康巡检 timer 和 HTTP 探测口径，但开发者本地仍需要在多个 SSH alias 间手工切换命令并重复执行启停操作。
+- 决策：新增 `server-rs/crates/server-manager-panel` 作为本地 egui 桌面工具；服务器来源只读取本机 `~/.ssh/config` 的具体 `Host` alias，不保存服务器密钥或凭据；巡检通过 `ssh <alias> sh -s` 执行只读脚本，服务操作只允许 `start`、`stop`、`restart` 并限制 systemd unit 名字符集。
+- 影响范围：本地运维工具入口、`package.json` 的 `server-manager:panel`、开发运维文档和团队共享工作流。
+- 验证方式：`cargo check -p server-manager-panel --manifest-path server-rs/Cargo.toml`、`cargo test -p server-manager-panel --manifest-path server-rs/Cargo.toml`、`npm run check:encoding`。
+- 关联文档：`docs/technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md`。
+
 ## 2026-06-10 公开作品互动能力进入后台全局配置
 
 - 背景：作品详情页的点赞和改造能力原本由前端和各玩法 handler 的硬编码能力矩阵决定，后台无法临时关闭某类公开作品的互动入口，直接关闭创作入口又会误伤已有作品读取和游玩。
diff --git a/.hermes/shared-memory/development-workflow.md b/.hermes/shared-memory/development-workflow.md
index f34cf07f..706dec37 100644
--- a/.hermes/shared-memory/development-workflow.md
+++ b/.hermes/shared-memory/development-workflow.md
@@ -95,6 +95,15 @@ npm run dev:web
 npm run dev:admin-web
 ```
 
+本地 SSH 服务器管理面板：
+
+```bash
+npm run server-manager:panel
+```
+
+该命令启动 `server-rs/crates/server-manager-panel` 的 egui 桌面工具，从本机 `~/.ssh/config` 读取可用 `Host` alias，支持多服务器健康巡检、可折叠侧边栏和受控 systemd 服务启停。服务操作通过远端 `sudo -n systemctl start|stop|restart <unit>` 执行，目标服务器需要提前配置对应 unit 的免交互 sudo 权限。
+面板启动时会自动注入本机中文字体；如开发机中文仍显示为方块，可设置 `GENARRATIVE_SERVER_PANEL_CJK_FONT=/path/to/font.ttc|index` 指向本机 CJK 字体。
+
 `npm run dev:api-server` 会保留终端实时输出，并把同一份输出持久化到 `logs/api-server/api-server-<timestamp>.log`。完整联调入口 `npm run dev` 启动的 Rust `api-server` 使用同一套日志规则。如需改写路径，可设置 `GENARRATIVE_API_SERVER_LOG_FILE`；如只改目录，可设置 `GENARRATIVE_API_SERVER_LOG_DIR`。
 
 开发态 `npm run dev` / `npm run dev:api-server` 默认打开 `GENARRATIVE_DEV_PASSWORD_ENTRY_AUTO_REGISTER_ENABLED=true`，密码入口可以直接注册未知手机号账号；生产默认仍关闭该开关。
diff --git a/docs/README.md b/docs/README.md
index 00c2f843..a5c6b407 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -21,6 +21,8 @@
 
 微信小程序虚拟支付接入、`wechat_mp_virtual` 渠道、`wx.requestVirtualPayment` 承接页和后端签名配置见 [【技术方案】微信虚拟支付接入-2026-05-26.md](./%E3%80%90%E6%8A%80%E6%9C%AF%E6%96%B9%E6%A1%88%E3%80%91%E5%BE%AE%E4%BF%A1%E8%99%9A%E6%8B%9F%E6%94%AF%E4%BB%98%E6%8E%A5%E5%85%A5-2026-05-26.md)。
 
+本地通过 SSH alias 管理多台服务器、查看硬件 / systemd / HTTP 健康状态并执行受控服务启停的 egui 桌面工具见 [【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md](./technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md)。
+
 生产部署切换到 systemd + Nginx + SpacetimeDB 自托管的总方案见 [PRODUCTION_DEPLOYMENT_PLAN_2026-05-02.md](./technical/PRODUCTION_DEPLOYMENT_PLAN_2026-05-02.md)，该文档也是当前生产 Jenkinsfile 的唯一入口。SpacetimeDB 表结构变更、自动迁移边界和保留旧数据的分阶段迁移流程见 [SPACETIMEDB_SCHEMA_CHANGE_CONSTRAINTS.md](./technical/SPACETIMEDB_SCHEMA_CHANGE_CONSTRAINTS.md)；private 表迁移 JSON 导入导出、HTTP 413 分片导入和旧数据库迁移流水线经验见 [SPACETIMEDB_JSON_STRING_MIGRATION_PROCEDURE_2026-04-27.md](./technical/SPACETIMEDB_JSON_STRING_MIGRATION_PROCEDURE_2026-04-27.md) 与 [JENKINS_SPACETIMEDB_DATABASE_MIGRATION_PIPELINES_2026-04-29.md](./technical/JENKINS_SPACETIMEDB_DATABASE_MIGRATION_PIPELINES_2026-04-29.md)；后台管理独立前端工程技术方案见 [ADMIN_WEB_CONSOLE_TECHNICAL_SOLUTION_2026-04-30.md](./technical/ADMIN_WEB_CONSOLE_TECHNICAL_SOLUTION_2026-04-30.md)。
 
 SpacetimeDB 表结构变更、自动迁移边界和保留旧数据的分阶段迁移流程见 [SPACETIMEDB_SCHEMA_CHANGE_CONSTRAINTS.md](./technical/SPACETIMEDB_SCHEMA_CHANGE_CONSTRAINTS.md)。
diff --git a/docs/technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md b/docs/technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md
new file mode 100644
index 00000000..aeecda90
--- /dev/null
+++ b/docs/technical/【开发运维】本地SSH服务器管理面板技术方案-2026-06-11.md
@@ -0,0 +1,82 @@
+# 本地 SSH 服务器管理面板技术方案
+
+日期：`2026-06-11`
+
+## 背景
+
+release / dev 等服务器的日常巡检已经有 `genarrative-health-patrol.timer`、`/readyz`、`/healthz`、SpacetimeDB `/v1/ping` 和 systemd 状态文件，但开发者本地仍需要在多个 SSH alias 之间切换命令。服务器管理面板用于把这些只读巡检和少量 systemd 服务操作收敛到一个本地桌面入口。
+
+## 范围
+
+- 使用 Rust `egui` / `eframe` 实现本地桌面面板，不接入线上 Web 后台，不暴露公网端口。
+- 从本机 `~/.ssh/config` 的 `Host` alias 发现服务器；只展示不含通配符的 alias。
+- 支持多个服务器，左侧服务器侧边栏可收起。
+- 主面板展示硬件状态、服务状态、HTTP 健康探测和生产健康巡检状态。
+- 支持对允许的 systemd unit 执行启动、关闭、重启。
+
+## 命令入口
+
+```bash
+npm run server-manager:panel
+```
+
+等价于：
+
+```bash
+cargo run -p server-manager-panel --manifest-path server-rs/Cargo.toml
+```
+
+面板启动时会自动查找本机中文字体并注入 egui 字体集，优先使用 `Noto Sans CJK SC`，其次使用文泉驿 / Droid fallback。若某台开发机字体路径特殊，可用 `GENARRATIVE_SERVER_PANEL_CJK_FONT=/path/to/font.ttc|index` 指定；普通 `.ttf` 可省略 `|index`。
+
+## SSH 约定
+
+本地 `~/.ssh/config` 中需要存在类似：
+
+```sshconfig
+Host dev
+  HostName 10.2.0.10
+  User genarrative
+
+Host release
+  HostName genarrative.world
+  User genarrative
+```
+
+面板通过 `ssh <alias> sh -s` 执行远端只读巡检脚本。服务操作使用：
+
+```bash
+sudo -n systemctl <start|stop|restart> <unit>
+```
+
+若 SSH 用户是 root，则直接执行 `systemctl`。非 root 用户需要提前配置只允许目标 unit 的无密码 sudo；否则面板会显示 sudo 权限错误，不会弹出交互密码输入。
+
+## 健康检查内容
+
+只读巡检覆盖：
+
+- 主机名、内核、运行时长、CPU 核数 / 型号、load average。
+- 内存 / swap 使用情况。
+- `/`、`/var`、`/opt`、`/stdb`、`/data` 中存在路径的磁盘使用率。
+- `genarrative-api.service`、`spacetimedb.service`、`nginx.service`、`genarrative-health-patrol.timer`、`genarrative-database-backup.timer` 的 systemd 状态。
+- `http://127.0.0.1:8082/healthz`、`/readyz`、`http://127.0.0.1:3101/v1/ping` 和代表性公开接口。
+- `/var/lib/genarrative/health-patrol/status.json` 的最近巡检状态。
+- 若服务器安装了 `sensors`，附带温度 / 风扇等硬件传感器摘要。
+
+## 服务操作安全边界
+
+面板只允许 `start`、`stop`、`restart` 三种动作，并且 unit 名必须匹配安全字符集：
+
+```text
+A-Z a-z 0-9 . _ - @ :
+```
+
+服务操作会先出现确认弹窗，避免误点。第一版默认列出 Genarrative 生产相关 unit，并提供“其他 unit”输入框；该输入框仍只会执行 `systemctl` 的三种受控动作，不提供任意命令执行入口。
+
+## 状态判定
+
+- service / HTTP 探测失败：`CRITICAL`。
+- 磁盘使用率 `>= 95%`：`CRITICAL`，`>= 85%`：`WARNING`。
+- 内存使用率 `>= 95%`：`CRITICAL`，`>= 85%`：`WARNING`。
+- 生产健康巡检状态沿用 `OK / WARNING / CRITICAL`。
+
+面板状态只是本地巡检视图，最终运维事实仍以服务器上的 systemd、journal、Nginx 日志、`production-health-patrol.mjs` 输出和现有部署文档为准。
diff --git a/package.json b/package.json
index b9055ebf..c4b39b8d 100644
--- a/package.json
+++ b/package.json
@@ -9,6 +9,7 @@
     "dev:api-server": "node scripts/dev.mjs api-server",
     "dev:web": "node scripts/dev.mjs web",
     "dev:admin-web": "node scripts/dev.mjs admin-web",
+    "server-manager:panel": "cargo run -p server-manager-panel --manifest-path server-rs/Cargo.toml",
     "dev:spacetime:logs": "node scripts/run-bash-script.mjs scripts/spacetime-logs-local.sh",
     "otel:debug": "node scripts/run-otelcol.mjs debug",
     "otel:rider": "node scripts/run-otelcol.mjs rider",
diff --git a/server-rs/Cargo.lock b/server-rs/Cargo.lock
index f285faaf..99cf595c 100644
--- a/server-rs/Cargo.lock
+++ b/server-rs/Cargo.lock
@@ -2,6 +2,22 @@
 # It is not intended for manual editing.
 version = 4
 
+[[package]]
+name = "ab_glyph"
+version = "0.2.32"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "01c0457472c38ea5bd1c3b5ada5e368271cb550be7a4ca4a0b4634e9913f6cc2"
+dependencies = [
+ "ab_glyph_rasterizer",
+ "owned_ttf_parser",
+]
+
+[[package]]
+name = "ab_glyph_rasterizer"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "366ffbaa4442f4684d91e2cd7c5ea7c4ed8add41959a31447066e279e432b618"
+
 [[package]]
 name = "adler2"
 version = "2.0.1"
@@ -35,6 +51,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75"
 dependencies = [
  "cfg-if",
+ "getrandom 0.3.4",
  "once_cell",
  "version_check",
  "zerocopy",
@@ -64,6 +81,31 @@ dependencies = [
  "alloc-no-stdlib",
 ]
 
+[[package]]
+name = "android-activity"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0f2a1bb052857d5dd49572219344a7332b31b76405648eabac5bc68978251bcd"
+dependencies = [
+ "android-properties",
+ "bitflags 2.11.1",
+ "cc",
+ "jni",
+ "libc",
+ "log",
+ "ndk",
+ "ndk-context",
+ "ndk-sys",
+ "num_enum",
+ "thiserror 2.0.18",
+]
+
+[[package]]
+name = "android-properties"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc7eb209b1518d6bb87b283c20095f5228ecda460da70b44f0802523dea6da04"
+
 [[package]]
 name = "android_system_properties"
 version = "0.1.5"
@@ -173,6 +215,26 @@ dependencies = [
  "derive_arbitrary",
 ]
 
+[[package]]
+name = "arboard"
+version = "3.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0348a1c054491f4bfe6ab86a7b6ab1e44e45d899005de92f58b3df180b36ddaf"
+dependencies = [
+ "clipboard-win",
+ "image",
+ "log",
+ "objc2 0.6.4",
+ "objc2-app-kit 0.3.2",
+ "objc2-core-foundation",
+ "objc2-core-graphics",
+ "objc2-foundation 0.3.2",
+ "parking_lot",
+ "percent-encoding",
+ "windows-sys 0.59.0",
+ "x11rb",
+]
+
 [[package]]
 name = "argon2"
 version = "0.5.3"
@@ -197,6 +259,12 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7c02d123df017efcdfbd739ef81735b36c5ba83ec3c59c80a9d7ecc718f92e50"
 
+[[package]]
+name = "as-raw-xcb-connection"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "175571dd1d178ced59193a6fc02dde1b972eb0bc56c892cde9beeceac5bf0f6b"
+
 [[package]]
 name = "async-stream"
 version = "0.3.6"
@@ -324,6 +392,21 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "bit-set"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08807e080ed7f9d5433fa9b275196cfc35414f66a0c79d864dc51a0d825231a3"
+dependencies = [
+ "bit-vec",
+]
+
+[[package]]
+name = "bit-vec"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7"
+
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -377,6 +460,15 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "block2"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c132eebf10f5cad5289222520a4a058514204aed6d791f1cf4fe8088b82d15f"
+dependencies = [
+ "objc2 0.5.2",
+]
+
 [[package]]
 name = "brotli"
 version = "3.5.0"
@@ -409,6 +501,20 @@ name = "bytemuck"
 version = "1.25.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8efb64bd706a16a1bdde310ae86b351e4d21550d98d056f22f8a7f7a2183fec"
+dependencies = [
+ "bytemuck_derive",
+]
+
+[[package]]
+name = "bytemuck_derive"
+version = "1.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9abbd1bc6865053c427f7198e6af43bfdedc55ab791faed4fbd361d789575ff"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
 
 [[package]]
 name = "byteorder-lite"
@@ -432,6 +538,57 @@ dependencies = [
  "serde_core",
 ]
 
+[[package]]
+name = "calloop"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b99da2f8558ca23c71f4fd15dc57c906239752dd27ff3c00a1d56b685b7cbfec"
+dependencies = [
+ "bitflags 2.11.1",
+ "log",
+ "polling",
+ "rustix 0.38.44",
+ "slab",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "calloop"
+version = "0.14.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4dbf9978365bac10f54d1d4b04f7ce4427e51f71d61f2fe15e3fed5166474df7"
+dependencies = [
+ "bitflags 2.11.1",
+ "polling",
+ "rustix 1.1.4",
+ "slab",
+ "tracing",
+]
+
+[[package]]
+name = "calloop-wayland-source"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95a66a987056935f7efce4ab5668920b5d0dac4a7c99991a67395f13702ddd20"
+dependencies = [
+ "calloop 0.13.0",
+ "rustix 0.38.44",
+ "wayland-backend",
+ "wayland-client",
+]
+
+[[package]]
+name = "calloop-wayland-source"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "138efcf0940a02ebf0cc8d1eff41a1682a46b431630f4c52450d6265876021fa"
+dependencies = [
+ "calloop 0.14.4",
+ "rustix 1.1.4",
+ "wayland-backend",
+ "wayland-client",
+]
+
 [[package]]
 name = "castaway"
 version = "0.2.4"
@@ -474,6 +631,15 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724"
 
+[[package]]
+name = "cgl"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ced0551234e87afee12411d535648dd89d2e7f34c78b753395567aff3d447ff"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "chrono"
 version = "0.4.44"
@@ -498,6 +664,43 @@ dependencies = [
  "inout",
 ]
 
+[[package]]
+name = "clipboard-win"
+version = "5.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bde03770d3df201d4fb868f2c9c59e66a3e4e2bd06692a0fe701e7103c7e84d4"
+dependencies = [
+ "error-code",
+]
+
+[[package]]
+name = "codespan-reporting"
+version = "0.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fe6d2e5af09e8c8ad56c969f2157a3d4238cebc7c55f0a517728c38f7b200f81"
+dependencies = [
+ "unicode-width",
+]
+
+[[package]]
+name = "combine"
+version = "4.6.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba5a308b75df32fe02788e748662718f03fde005016435c444eea572398219fd"
+dependencies = [
+ "bytes",
+ "memchr",
+]
+
+[[package]]
+name = "concurrent-queue"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973"
+dependencies = [
+ "crossbeam-utils",
+]
+
 [[package]]
 name = "console"
 version = "0.16.3"
@@ -540,12 +743,46 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "core-foundation"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
+dependencies = [
+ "core-foundation-sys",
+ "libc",
+]
+
 [[package]]
 name = "core-foundation-sys"
 version = "0.8.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
 
+[[package]]
+name = "core-graphics"
+version = "0.23.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c07782be35f9e1140080c6b96f0d44b739e2278479f64e02fdab4e32dfd8b081"
+dependencies = [
+ "bitflags 1.3.2",
+ "core-foundation 0.9.4",
+ "core-graphics-types",
+ "foreign-types 0.5.0",
+ "libc",
+]
+
+[[package]]
+name = "core-graphics-types"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "45390e6114f68f718cc7a830514a96f903cccd70d02a8f6d9f643ac4ba45afaf"
+dependencies = [
+ "bitflags 1.3.2",
+ "core-foundation 0.9.4",
+ "libc",
+]
+
 [[package]]
 name = "cpufeatures"
 version = "0.2.17"
@@ -607,6 +844,12 @@ version = "0.8.21"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
 
+[[package]]
+name = "crunchy"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5"
+
 [[package]]
 name = "crypto-common"
 version = "0.1.7"
@@ -665,9 +908,15 @@ dependencies = [
  "openssl-sys",
  "pkg-config",
  "vcpkg",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "cursor-icon"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f27ae1dd37df86211c42e150270f82743308803d90a6f6e6651cd730d5e1732f"
+
 [[package]]
 name = "darling"
 version = "0.23.0"
@@ -763,6 +1012,22 @@ dependencies = [
  "subtle",
 ]
 
+[[package]]
+name = "dispatch"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bd0c93bb4b0c6d9b77f4435b0ae98c24d17f1c45b2ff844c6151a07256ca923b"
+
+[[package]]
+name = "dispatch2"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1e0e367e4e7da84520dedcac1901e4da967309406d1e51017ae1abfb97adbd38"
+dependencies = [
+ "bitflags 2.11.1",
+ "objc2 0.6.4",
+]
+
 [[package]]
 name = "displaydoc"
 version = "0.2.5"
@@ -774,24 +1039,183 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "dlib"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab8ecd87370524b461f8557c119c405552c396ed91fc0a8eec68679eab26f94a"
+dependencies = [
+ "libloading",
+]
+
+[[package]]
+name = "document-features"
+version = "0.2.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d4b8a88685455ed29a21542a33abd9cb6510b6b129abadabdcef0f4c55bc8f61"
+dependencies = [
+ "litrs",
+]
+
 [[package]]
 name = "dotenvy"
 version = "0.15.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
 
+[[package]]
+name = "downcast-rs"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75b325c5dbd37f80359721ad39aca5a29fb04c89279657cffdda8736d0c0b9d2"
+
+[[package]]
+name = "dpi"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8b14ccef22fc6f5a8f4d7d768562a182c04ce9a3b3157b91390b52ddfdf1a76"
+
 [[package]]
 name = "dyn-clone"
 version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
+[[package]]
+name = "ecolor"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71ddb8ac7643d1dba1bb02110e804406dd459a838efcb14011ced10556711a8e"
+dependencies = [
+ "bytemuck",
+ "emath",
+]
+
+[[package]]
+name = "eframe"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "457481173e6db5ca9fa2be93a58df8f4c7be639587aeb4853b526c6cf87db4e6"
+dependencies = [
+ "ahash",
+ "bytemuck",
+ "document-features",
+ "egui",
+ "egui-wgpu",
+ "egui-winit",
+ "egui_glow",
+ "glow",
+ "glutin",
+ "glutin-winit",
+ "image",
+ "js-sys",
+ "log",
+ "objc2 0.5.2",
+ "objc2-app-kit 0.2.2",
+ "objc2-foundation 0.2.2",
+ "parking_lot",
+ "percent-encoding",
+ "profiling",
+ "raw-window-handle",
+ "static_assertions",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "web-sys",
+ "web-time",
+ "windows-sys 0.61.2",
+ "winit",
+]
+
+[[package]]
+name = "egui"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a9b567d356674e9a5121ed3fedfb0a7c31e059fe71f6972b691bcd0bfc284e3"
+dependencies = [
+ "ahash",
+ "bitflags 2.11.1",
+ "emath",
+ "epaint",
+ "log",
+ "nohash-hasher",
+ "profiling",
+ "smallvec",
+ "unicode-segmentation",
+]
+
+[[package]]
+name = "egui-wgpu"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e4d209971c84b2352a06174abdba701af1e552ce56b144d96f2bd50a3c91236"
+dependencies = [
+ "ahash",
+ "bytemuck",
+ "document-features",
+ "egui",
+ "epaint",
+ "log",
+ "profiling",
+ "thiserror 2.0.18",
+ "type-map",
+ "web-time",
+ "wgpu",
+ "winit",
+]
+
+[[package]]
+name = "egui-winit"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec6687e5bb551702f4ad10ac428bab12acf9d53047ebb1082d4a0ed8c6251a29"
+dependencies = [
+ "arboard",
+ "bytemuck",
+ "egui",
+ "log",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+ "objc2-ui-kit",
+ "profiling",
+ "raw-window-handle",
+ "smithay-clipboard",
+ "web-time",
+ "webbrowser",
+ "winit",
+]
+
+[[package]]
+name = "egui_glow"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6420863ea1d90e750f75075231a260030ad8a9f30a7cef82cdc966492dc4c4eb"
+dependencies = [
+ "bytemuck",
+ "egui",
+ "glow",
+ "log",
+ "memoffset",
+ "profiling",
+ "wasm-bindgen",
+ "web-sys",
+ "winit",
+]
+
 [[package]]
 name = "either"
 version = "1.15.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
 
+[[package]]
+name = "emath"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "491bdf728bf25ddd9ad60d4cf1c48588fa82c013a2440b91aa7fc43e34a07c32"
+dependencies = [
+ "bytemuck",
+]
+
 [[package]]
 name = "encode_unicode"
 version = "1.0.0"
@@ -839,6 +1263,30 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "epaint"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "009d0dd3c2163823a0abdb899451ecbc78798dec545ee91b43aff1fa790bab62"
+dependencies = [
+ "ab_glyph",
+ "ahash",
+ "bytemuck",
+ "ecolor",
+ "emath",
+ "epaint_default_fonts",
+ "log",
+ "nohash-hasher",
+ "parking_lot",
+ "profiling",
+]
+
+[[package]]
+name = "epaint_default_fonts"
+version = "0.33.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c4fbe202b6578d3d56428fa185cdf114a05e49da05f477b3c7f0fbb221f1862"
+
 [[package]]
 name = "equivalent"
 version = "1.0.2"
@@ -852,9 +1300,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "error-code"
+version = "3.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dea2df4cf52843e0452895c455a1a2cfbb842a1e7329671acf418fdc53ed4c59"
+
 [[package]]
 name = "ethnum"
 version = "1.5.3"
@@ -879,6 +1333,12 @@ version = "2.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9f1f227452a390804cdb637b74a86990f2a7d7ba4b7d5693aac9b4dd6defd8d6"
 
+[[package]]
+name = "fax"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "caf1079563223d5d59d83c85886a56e586cfd5c1a26292e971a0fa266531ac5a"
+
 [[package]]
 name = "fdeflate"
 version = "0.3.7"
@@ -922,13 +1382,40 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
+[[package]]
+name = "foldhash"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
+
 [[package]]
 name = "foreign-types"
 version = "0.3.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1"
 dependencies = [
- "foreign-types-shared",
+ "foreign-types-shared 0.1.1",
+]
+
+[[package]]
+name = "foreign-types"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d737d9aa519fb7b749cbc3b962edcf310a8dd1f4b67c91c4f83975dbdd17d965"
+dependencies = [
+ "foreign-types-macros",
+ "foreign-types-shared 0.3.1",
+]
+
+[[package]]
+name = "foreign-types-macros"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a5c6c585bc94aaf2c7b51dd4c2ba22680844aba4c687be581871a6f518c5742"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
 ]
 
 [[package]]
@@ -937,6 +1424,12 @@ version = "0.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b"
 
+[[package]]
+name = "foreign-types-shared"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa9a19cbb55df58761df49b23516a86d432839add4af60fc256da840f66ed35b"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.2.2"
@@ -1044,6 +1537,16 @@ dependencies = [
  "version_check",
 ]
 
+[[package]]
+name = "gethostname"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bd49230192a3797a9a4d6abe9b3eed6f7fa4c8a8a4947977c6f80025f92cbd8"
+dependencies = [
+ "rustix 1.1.4",
+ "windows-link",
+]
+
 [[package]]
 name = "getrandom"
 version = "0.2.17"
@@ -1084,12 +1587,101 @@ dependencies = [
  "wasip3",
 ]
 
+[[package]]
+name = "gl_generator"
+version = "0.14.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a95dfc23a2b4a9a2f5ab41d194f8bfda3cabec42af4e39f08c339eb2a0c124d"
+dependencies = [
+ "khronos_api",
+ "log",
+ "xml-rs",
+]
+
 [[package]]
 name = "glob"
 version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
 
+[[package]]
+name = "glow"
+version = "0.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c5e5ea60d70410161c8bf5da3fdfeaa1c72ed2c15f8bbb9d19fe3a4fad085f08"
+dependencies = [
+ "js-sys",
+ "slotmap",
+ "wasm-bindgen",
+ "web-sys",
+]
+
+[[package]]
+name = "glutin"
+version = "0.32.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "12124de845cacfebedff80e877bb37b5b75c34c5a4c89e47e1cdd67fb6041325"
+dependencies = [
+ "bitflags 2.11.1",
+ "cfg_aliases",
+ "cgl",
+ "dispatch2",
+ "glutin_egl_sys",
+ "glutin_glx_sys",
+ "glutin_wgl_sys",
+ "libloading",
+ "objc2 0.6.4",
+ "objc2-app-kit 0.3.2",
+ "objc2-core-foundation",
+ "objc2-foundation 0.3.2",
+ "once_cell",
+ "raw-window-handle",
+ "wayland-sys",
+ "windows-sys 0.52.0",
+ "x11-dl",
+]
+
+[[package]]
+name = "glutin-winit"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85edca7075f8fc728f28cb8fbb111a96c3b89e930574369e3e9c27eb75d3788f"
+dependencies = [
+ "cfg_aliases",
+ "glutin",
+ "raw-window-handle",
+ "winit",
+]
+
+[[package]]
+name = "glutin_egl_sys"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c4680ba6195f424febdc3ba46e7a42a0e58743f2edb115297b86d7f8ecc02d2"
+dependencies = [
+ "gl_generator",
+ "windows-sys 0.52.0",
+]
+
+[[package]]
+name = "glutin_glx_sys"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a7bb2938045a88b612499fbcba375a77198e01306f52272e692f8c1f3751185"
+dependencies = [
+ "gl_generator",
+ "x11-dl",
+]
+
+[[package]]
+name = "glutin_wgl_sys"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2c4ee00b289aba7a9e5306d57c2d05499b2e5dc427f84ac708bd2c090212cf3e"
+dependencies = [
+ "gl_generator",
+]
+
 [[package]]
 name = "h2"
 version = "0.3.27"
@@ -1109,6 +1701,18 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "half"
+version = "2.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b"
+dependencies = [
+ "cfg-if",
+ "crunchy",
+ "num-traits",
+ "zerocopy",
+]
+
 [[package]]
 name = "hashbrown"
 version = "0.12.3"
@@ -1121,7 +1725,7 @@ version = "0.15.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
 dependencies = [
- "foldhash",
+ "foldhash 0.1.5",
 ]
 
 [[package]]
@@ -1131,6 +1735,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
 dependencies = [
  "equivalent",
+ "foldhash 0.2.0",
  "rayon",
  "serde",
  "serde_core",
@@ -1154,12 +1759,24 @@ version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
 
+[[package]]
+name = "hermit-abi"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fc0fef456e4baa96da950455cd02c081ca953b141298e41db3fc7e36b1da849c"
+
 [[package]]
 name = "hex"
 version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
 
+[[package]]
+name = "hexf-parse"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dfa686283ad6dd069f105e5ab091b04c62850d3e4cf5d67debad1933f55023df"
+
 [[package]]
 name = "hmac"
 version = "0.12.1"
@@ -1342,7 +1959,7 @@ dependencies = [
  "libc",
  "percent-encoding",
  "pin-project-lite",
- "socket2 0.5.10",
+ "socket2 0.6.3",
  "tokio",
  "tower-service",
  "tracing",
@@ -1499,6 +2116,7 @@ dependencies = [
  "moxcms",
  "num-traits",
  "png",
+ "tiff",
  "zune-core",
  "zune-jpeg",
 ]
@@ -1593,6 +2211,64 @@ version = "1.0.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
 
+[[package]]
+name = "jni"
+version = "0.22.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5efd9a482cf3a427f00d6b35f14332adc7902ce91efb778580e180ff90fa3498"
+dependencies = [
+ "cfg-if",
+ "combine",
+ "jni-macros",
+ "jni-sys 0.4.1",
+ "log",
+ "simd_cesu8",
+ "thiserror 2.0.18",
+ "walkdir",
+ "windows-link",
+]
+
+[[package]]
+name = "jni-macros"
+version = "0.22.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a00109accc170f0bdb141fed3e393c565b6f5e072365c3bd58f5b062591560a3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "rustc_version",
+ "simd_cesu8",
+ "syn",
+]
+
+[[package]]
+name = "jni-sys"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "41a652e1f9b6e0275df1f15b32661cf0d4b78d4d87ddec5e0c3c20f097433258"
+dependencies = [
+ "jni-sys 0.4.1",
+]
+
+[[package]]
+name = "jni-sys"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c6377a88cb3910bee9b0fa88d4f42e1d2da8e79915598f65fb0c7ee14c878af2"
+dependencies = [
+ "jni-sys-macros",
+]
+
+[[package]]
+name = "jni-sys-macros"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38c0b942f458fe50cdac086d2f946512305e5631e720728f2a61aabcd47a6264"
+dependencies = [
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "jobserver"
 version = "0.1.34"
@@ -1639,6 +2315,12 @@ dependencies = [
  "cpufeatures 0.2.17",
 ]
 
+[[package]]
+name = "khronos_api"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2db585e1d738fc771bf08a151420d3ed193d9d895a36df7f6f8a9456b911ddc"
+
 [[package]]
 name = "langchainrust"
 version = "0.2.18"
@@ -1690,6 +2372,34 @@ version = "0.2.185"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f"
 
+[[package]]
+name = "libloading"
+version = "0.8.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
+dependencies = [
+ "cfg-if",
+ "windows-link",
+]
+
+[[package]]
+name = "libm"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
+
+[[package]]
+name = "libredox"
+version = "0.1.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f02ab6bace2054fb888a3c16f990117b579d14a3088e472d63c6011fa185c9d3"
+dependencies = [
+ "bitflags 2.11.1",
+ "libc",
+ "plain",
+ "redox_syscall 0.8.1",
+]
+
 [[package]]
 name = "libwebp-sys"
 version = "0.9.6"
@@ -1712,6 +2422,12 @@ dependencies = [
  "vcpkg",
 ]
 
+[[package]]
+name = "linux-raw-sys"
+version = "0.4.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d26c52dbd32dccf2d10cac7725f8eae5296885fb5703b261f7d0a0739ec807ab"
+
 [[package]]
 name = "linux-raw-sys"
 version = "0.12.1"
@@ -1724,6 +2440,12 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0"
 
+[[package]]
+name = "litrs"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "11d3d7f243d5c5a8b9bb5d6dd2b1602c0cb0b9db1621bafc7ed66e35ff9fe092"
+
 [[package]]
 name = "lock_api"
 version = "0.4.14"
@@ -1794,6 +2516,24 @@ version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
+[[package]]
+name = "memmap2"
+version = "0.9.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "714098028fe011992e1c3962653c96b2d578c4b4bce9036e15ff220319b1e0e3"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "memoffset"
+version = "0.9.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a"
+dependencies = [
+ "autocfg",
+]
+
 [[package]]
 name = "mime"
 version = "0.3.17"
@@ -2074,6 +2814,31 @@ dependencies = [
  "pxfm",
 ]
 
+[[package]]
+name = "naga"
+version = "27.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "066cf25f0e8b11ee0df221219010f213ad429855f57c494f995590c861a9a7d8"
+dependencies = [
+ "arrayvec",
+ "bit-set",
+ "bitflags 2.11.1",
+ "cfg-if",
+ "cfg_aliases",
+ "codespan-reporting",
+ "half",
+ "hashbrown 0.16.1",
+ "hexf-parse",
+ "indexmap 2.14.0",
+ "libm",
+ "log",
+ "num-traits",
+ "once_cell",
+ "rustc-hash 1.1.0",
+ "thiserror 2.0.18",
+ "unicode-ident",
+]
+
 [[package]]
 name = "native-tls"
 version = "0.2.14"
@@ -2091,6 +2856,36 @@ dependencies = [
  "tempfile",
 ]
 
+[[package]]
+name = "ndk"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c3f42e7bbe13d351b6bead8286a43aac9534b82bd3cc43e47037f012ebfd62d4"
+dependencies = [
+ "bitflags 2.11.1",
+ "jni-sys 0.3.1",
+ "log",
+ "ndk-sys",
+ "num_enum",
+ "raw-window-handle",
+ "thiserror 1.0.69",
+]
+
+[[package]]
+name = "ndk-context"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27b02d87554356db9e9a873add8782d4ea6e3e58ea071a9adb9a2e8ddb884a8b"
+
+[[package]]
+name = "ndk-sys"
+version = "0.6.0+11769913"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee6cda3051665f1fb8d9e08fc35c96d5a244fb1be711a03b71118828afc9a873"
+dependencies = [
+ "jni-sys 0.3.1",
+]
+
 [[package]]
 name = "nohash-hasher"
 version = "0.2.0"
@@ -2113,7 +2908,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -2148,6 +2943,300 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
 dependencies = [
  "autocfg",
+ "libm",
+]
+
+[[package]]
+name = "num_enum"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d0bca838442ec211fa11de3a8b0e0e8f3a4522575b5c4c06ed722e005036f26"
+dependencies = [
+ "num_enum_derive",
+ "rustversion",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.7.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "680998035259dcfcafe653688bf2aa6d3e2dc05e98be6ab46afb089dc84f1df8"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "objc-sys"
+version = "0.3.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cdb91bdd390c7ce1a8607f35f3ca7151b65afc0ff5ff3b34fa350f7d7c7e4310"
+
+[[package]]
+name = "objc2"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46a785d4eeff09c14c487497c162e92766fbb3e4059a71840cecc03d9a50b804"
+dependencies = [
+ "objc-sys",
+ "objc2-encode",
+]
+
+[[package]]
+name = "objc2"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3a12a8ed07aefc768292f076dc3ac8c48f3781c8f2d5851dd3d98950e8c5a89f"
+dependencies = [
+ "objc2-encode",
+]
+
+[[package]]
+name = "objc2-app-kit"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e4e89ad9e3d7d297152b17d39ed92cd50ca8063a89a9fa569046d41568891eff"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "libc",
+ "objc2 0.5.2",
+ "objc2-core-data",
+ "objc2-core-image",
+ "objc2-foundation 0.2.2",
+ "objc2-quartz-core",
+]
+
+[[package]]
+name = "objc2-app-kit"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d49e936b501e5c5bf01fda3a9452ff86dc3ea98ad5f283e1455153142d97518c"
+dependencies = [
+ "bitflags 2.11.1",
+ "objc2 0.6.4",
+ "objc2-core-foundation",
+ "objc2-core-graphics",
+ "objc2-foundation 0.3.2",
+]
+
+[[package]]
+name = "objc2-cloud-kit"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "74dd3b56391c7a0596a295029734d3c1c5e7e510a4cb30245f8221ccea96b009"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-core-location",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-contacts"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5ff520e9c33812fd374d8deecef01d4a840e7b41862d849513de77e44aa4889"
+dependencies = [
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-core-data"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "617fbf49e071c178c0b24c080767db52958f716d9eabdf0890523aeae54773ef"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-core-foundation"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536"
+dependencies = [
+ "bitflags 2.11.1",
+ "dispatch2",
+ "objc2 0.6.4",
+]
+
+[[package]]
+name = "objc2-core-graphics"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e022c9d066895efa1345f8e33e584b9f958da2fd4cd116792e15e07e4720a807"
+dependencies = [
+ "bitflags 2.11.1",
+ "dispatch2",
+ "objc2 0.6.4",
+ "objc2-core-foundation",
+ "objc2-io-surface",
+]
+
+[[package]]
+name = "objc2-core-image"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "55260963a527c99f1819c4f8e3b47fe04f9650694ef348ffd2227e8196d34c80"
+dependencies = [
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+ "objc2-metal",
+]
+
+[[package]]
+name = "objc2-core-location"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "000cfee34e683244f284252ee206a27953279d370e309649dc3ee317b37e5781"
+dependencies = [
+ "block2",
+ "objc2 0.5.2",
+ "objc2-contacts",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-encode"
+version = "4.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ef25abbcd74fb2609453eb695bd2f860d389e457f67dc17cafc8b8cbc89d0c33"
+
+[[package]]
+name = "objc2-foundation"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0ee638a5da3799329310ad4cfa62fbf045d5f56e3ef5ba4149e7452dcf89d5a8"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "dispatch",
+ "libc",
+ "objc2 0.5.2",
+]
+
+[[package]]
+name = "objc2-foundation"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3e0adef53c21f888deb4fa59fc59f7eb17404926ee8a6f59f5df0fd7f9f3272"
+dependencies = [
+ "bitflags 2.11.1",
+ "objc2 0.6.4",
+ "objc2-core-foundation",
+]
+
+[[package]]
+name = "objc2-io-surface"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "180788110936d59bab6bd83b6060ffdfffb3b922ba1396b312ae795e1de9d81d"
+dependencies = [
+ "bitflags 2.11.1",
+ "objc2 0.6.4",
+ "objc2-core-foundation",
+]
+
+[[package]]
+name = "objc2-link-presentation"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1a1ae721c5e35be65f01a03b6d2ac13a54cb4fa70d8a5da293d7b0020261398"
+dependencies = [
+ "block2",
+ "objc2 0.5.2",
+ "objc2-app-kit 0.2.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-metal"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd0cba1276f6023976a406a14ffa85e1fdd19df6b0f737b063b95f6c8c7aadd6"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-quartz-core"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e42bee7bff906b14b167da2bac5efe6b6a07e6f7c0a21a7308d40c960242dc7a"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+ "objc2-metal",
+]
+
+[[package]]
+name = "objc2-symbols"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a684efe3dec1b305badae1a28f6555f6ddd3bb2c2267896782858d5a78404dc"
+dependencies = [
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-ui-kit"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b8bb46798b20cd6b91cbd113524c490f1686f4c4e8f49502431415f3512e2b6f"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-cloud-kit",
+ "objc2-core-data",
+ "objc2-core-image",
+ "objc2-core-location",
+ "objc2-foundation 0.2.2",
+ "objc2-link-presentation",
+ "objc2-quartz-core",
+ "objc2-symbols",
+ "objc2-uniform-type-identifiers",
+ "objc2-user-notifications",
+]
+
+[[package]]
+name = "objc2-uniform-type-identifiers"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "44fa5f9748dbfe1ca6c0b79ad20725a11eca7c2218bceb4b005cb1be26273bfe"
+dependencies = [
+ "block2",
+ "objc2 0.5.2",
+ "objc2-foundation 0.2.2",
+]
+
+[[package]]
+name = "objc2-user-notifications"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76cfcbf642358e8689af64cee815d139339f3ed8ad05103ed5eaf73db8d84cb3"
+dependencies = [
+ "bitflags 2.11.1",
+ "block2",
+ "objc2 0.5.2",
+ "objc2-core-location",
+ "objc2-foundation 0.2.2",
 ]
 
 [[package]]
@@ -2164,7 +3253,7 @@ checksum = "f38c4372413cdaaf3cc79dd92d29d7d9f5ab09b51b10dded508fb90bb70b9222"
 dependencies = [
  "bitflags 2.11.1",
  "cfg-if",
- "foreign-types",
+ "foreign-types 0.3.2",
  "libc",
  "once_cell",
  "openssl-macros",
@@ -2284,6 +3373,25 @@ dependencies = [
  "thiserror 2.0.18",
 ]
 
+[[package]]
+name = "orbclient"
+version = "0.3.55"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5df339f526ea9a60e371768d50efc2f2508c7203290731565d1f7a6f71d21747"
+dependencies = [
+ "libc",
+ "libredox",
+]
+
+[[package]]
+name = "owned_ttf_parser"
+version = "0.25.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "36820e9051aca1014ddc75770aab4d68bc1e9e632f0f5627c4086bc216fb583b"
+dependencies = [
+ "ttf-parser",
+]
+
 [[package]]
 name = "parking_lot"
 version = "0.12.5"
@@ -2302,7 +3410,7 @@ checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
 dependencies = [
  "cfg-if",
  "libc",
- "redox_syscall",
+ "redox_syscall 0.5.18",
  "smallvec",
  "windows-link",
 ]
@@ -2397,6 +3505,12 @@ version = "0.3.33"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e"
 
+[[package]]
+name = "plain"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
+
 [[package]]
 name = "platform-agent"
 version = "0.1.0"
@@ -2543,12 +3657,41 @@ dependencies = [
  "miniz_oxide",
 ]
 
+[[package]]
+name = "polling"
+version = "3.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d0e4f59085d47d8241c88ead0f274e8a0cb551f3625263c05eb8dd897c34218"
+dependencies = [
+ "cfg-if",
+ "concurrent-queue",
+ "hermit-abi",
+ "pin-project-lite",
+ "rustix 1.1.4",
+ "windows-sys 0.61.2",
+]
+
 [[package]]
 name = "pom"
 version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "60f6ce597ecdcc9a098e7fddacb1065093a3d66446fa16c675e7e71d1b5c28e6"
 
+[[package]]
+name = "portable-atomic"
+version = "1.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
+
+[[package]]
+name = "portable-atomic-util"
+version = "0.2.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2a106d1259c23fac8e543272398ae0e3c0b8d33c88ed73d0cc71b0f1d902618"
+dependencies = [
+ "portable-atomic",
+]
+
 [[package]]
 name = "postscript"
 version = "0.14.1"
@@ -2589,6 +3732,15 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "proc-macro-crate"
+version = "3.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e67ba7e9b2b56446f1d419b1d807906278ffa1a658a8a5d8a39dcb1f5a78614f"
+dependencies = [
+ "toml_edit",
+]
+
 [[package]]
 name = "proc-macro2"
 version = "1.0.106"
@@ -2598,6 +3750,12 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "profiling"
+version = "1.0.18"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3d595e54a326bc53c1c197b32d295e14b169e3cfeaa8dc82b529f947fba6bcf5"
+
 [[package]]
 name = "prometheus"
 version = "0.14.0"
@@ -2668,6 +3826,15 @@ version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
 
+[[package]]
+name = "quick-xml"
+version = "0.39.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cdcc8dd4e2f670d309a5f0e83fe36dfdc05af317008fea29144da1a2ac858e5e"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "quinn"
 version = "0.11.9"
@@ -2679,9 +3846,9 @@ dependencies = [
  "pin-project-lite",
  "quinn-proto",
  "quinn-udp",
- "rustc-hash",
+ "rustc-hash 2.1.2",
  "rustls",
- "socket2 0.5.10",
+ "socket2 0.6.3",
  "thiserror 2.0.18",
  "tokio",
  "tracing",
@@ -2699,7 +3866,7 @@ dependencies = [
  "lru-slab",
  "rand 0.9.4",
  "ring",
- "rustc-hash",
+ "rustc-hash 2.1.2",
  "rustls",
  "rustls-pki-types",
  "slab",
@@ -2718,7 +3885,7 @@ dependencies = [
  "cfg_aliases",
  "libc",
  "once_cell",
- "socket2 0.5.10",
+ "socket2 0.6.3",
  "tracing",
  "windows-sys 0.59.0",
 ]
@@ -2809,6 +3976,12 @@ version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "973443cf09a9c8656b574a866ab68dfa19f0867d0340648c7d2f6a71b8a8ea68"
 
+[[package]]
+name = "raw-window-handle"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "20675572f6f24e9e76ef639bc5552774ed45f1c30e2951e1e99c59888861c539"
+
 [[package]]
 name = "rayon"
 version = "1.12.0"
@@ -2829,6 +4002,15 @@ dependencies = [
  "crossbeam-utils",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4722d768eff46b75989dd134e5c353f0d6296e5aaa3132e776cbdb56be7731aa"
+dependencies = [
+ "bitflags 1.3.2",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.18"
@@ -2838,6 +4020,15 @@ dependencies = [
  "bitflags 2.11.1",
 ]
 
+[[package]]
+name = "redox_syscall"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b44b894f2a6e36457d665d1e08c3866add6ed5e70050c1b4ba8a8ddedb02ce7"
+dependencies = [
+ "bitflags 2.11.1",
+]
+
 [[package]]
 name = "ref-cast"
 version = "1.0.25"
@@ -2887,6 +4078,12 @@ version = "0.8.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
 
+[[package]]
+name = "renderdoc-sys"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "19b30a45b0cd0bcca8037f3d0dc3421eaf95327a17cad11964fb8179b4fc4832"
+
 [[package]]
 name = "reqwest"
 version = "0.11.27"
@@ -2987,6 +4184,12 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
 [[package]]
 name = "rustc-hash"
 version = "2.1.2"
@@ -3002,6 +4205,19 @@ dependencies = [
  "semver",
 ]
 
+[[package]]
+name = "rustix"
+version = "0.38.44"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fdb5bc1ae2baa591800df16c9ca78619bf65c0488b41b96ccec5d11220d8c154"
+dependencies = [
+ "bitflags 2.11.1",
+ "errno",
+ "libc",
+ "linux-raw-sys 0.4.15",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "rustix"
 version = "1.1.4"
@@ -3011,8 +4227,8 @@ dependencies = [
  "bitflags 2.11.1",
  "errno",
  "libc",
- "linux-raw-sys",
- "windows-sys 0.59.0",
+ "linux-raw-sys 0.12.1",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -3071,6 +4287,15 @@ version = "1.0.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
 
+[[package]]
+name = "same-file"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "93fc1dc3aaa9bfed95e02e6eadabb4baf7e3078b0bd1b4d7b6b0b68378900502"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "schannel"
 version = "0.1.29"
@@ -3153,7 +4378,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02"
 dependencies = [
  "bitflags 2.11.1",
- "core-foundation",
+ "core-foundation 0.9.4",
  "core-foundation-sys",
  "libc",
  "security-framework-sys",
@@ -3292,6 +4517,13 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "server-manager-panel"
+version = "0.1.0"
+dependencies = [
+ "eframe",
+]
+
 [[package]]
 name = "sha1"
 version = "0.10.6"
@@ -3384,6 +4616,22 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214"
 
+[[package]]
+name = "simd_cesu8"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "94f90157bb87cddf702797c5dadfa0be7d266cdf49e22da2fcaa32eff75b2c33"
+dependencies = [
+ "rustc_version",
+ "simdutf8",
+]
+
+[[package]]
+name = "simdutf8"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3a9fe34e3e7a50316060351f37187a3f546bce95496156754b601a5fa71b76e"
+
 [[package]]
 name = "similar"
 version = "2.7.0"
@@ -3408,12 +4656,93 @@ version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
 
+[[package]]
+name = "slotmap"
+version = "1.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bdd58c3c93c3d278ca835519292445cb4b0d4dc59ccfdf7ceadaab3f8aeb4038"
+dependencies = [
+ "version_check",
+]
+
 [[package]]
 name = "smallvec"
 version = "1.15.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
 
+[[package]]
+name = "smithay-client-toolkit"
+version = "0.19.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3457dea1f0eb631b4034d61d4d8c32074caa6cd1ab2d59f2327bd8461e2c0016"
+dependencies = [
+ "bitflags 2.11.1",
+ "calloop 0.13.0",
+ "calloop-wayland-source 0.3.0",
+ "cursor-icon",
+ "libc",
+ "log",
+ "memmap2",
+ "rustix 0.38.44",
+ "thiserror 1.0.69",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-csd-frame",
+ "wayland-cursor",
+ "wayland-protocols",
+ "wayland-protocols-wlr",
+ "wayland-scanner",
+ "xkeysym",
+]
+
+[[package]]
+name = "smithay-client-toolkit"
+version = "0.20.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0512da38f5e2b31201a93524adb8d3136276fa4fe4aafab4e1f727a82b534cc0"
+dependencies = [
+ "bitflags 2.11.1",
+ "calloop 0.14.4",
+ "calloop-wayland-source 0.4.1",
+ "cursor-icon",
+ "libc",
+ "log",
+ "memmap2",
+ "rustix 1.1.4",
+ "thiserror 2.0.18",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-csd-frame",
+ "wayland-cursor",
+ "wayland-protocols",
+ "wayland-protocols-experimental",
+ "wayland-protocols-misc",
+ "wayland-protocols-wlr",
+ "wayland-scanner",
+ "xkeysym",
+]
+
+[[package]]
+name = "smithay-clipboard"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71704c03f739f7745053bde45fa203a46c58d25bc5c4efba1d9a60e9dba81226"
+dependencies = [
+ "libc",
+ "smithay-client-toolkit 0.20.0",
+ "wayland-backend",
+]
+
+[[package]]
+name = "smol_str"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd538fb6910ac1099850255cf94a94df6551fbdd602454387d0adb2d1ca6dead"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "socket2"
 version = "0.5.10"
@@ -3776,6 +5105,12 @@ version = "1.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
 
+[[package]]
+name = "static_assertions"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
+
 [[package]]
 name = "strsim"
 version = "0.11.1"
@@ -3854,7 +5189,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7"
 dependencies = [
  "bitflags 1.3.2",
- "core-foundation",
+ "core-foundation 0.9.4",
  "system-configuration-sys",
 ]
 
@@ -3877,8 +5212,8 @@ dependencies = [
  "fastrand",
  "getrandom 0.4.2",
  "once_cell",
- "rustix",
- "windows-sys 0.59.0",
+ "rustix 1.1.4",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -3943,6 +5278,20 @@ dependencies = [
  "cfg-if",
 ]
 
+[[package]]
+name = "tiff"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b63feaf3343d35b6ca4d50483f94843803b0f51634937cc2ec519fc32232bc52"
+dependencies = [
+ "fax",
+ "flate2",
+ "half",
+ "quick-error",
+ "weezl",
+ "zune-jpeg",
+]
+
 [[package]]
 name = "time"
 version = "0.3.47"
@@ -4303,6 +5652,12 @@ version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
+[[package]]
+name = "ttf-parser"
+version = "0.25.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d2df906b07856748fa3f6e0ad0cbaa047052d4a7dd609e231c4f72cee8c36f31"
+
 [[package]]
 name = "tungstenite"
 version = "0.27.0"
@@ -4340,6 +5695,15 @@ dependencies = [
  "thiserror 2.0.18",
 ]
 
+[[package]]
+name = "type-map"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cb30dbbd9036155e74adad6812e9898d03ec374946234fbcebd5dfc7b9187b90"
+dependencies = [
+ "rustc-hash 2.1.2",
+]
+
 [[package]]
 name = "type1-encoding-parser"
 version = "0.1.1"
@@ -4382,6 +5746,12 @@ version = "1.13.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9629274872b2bfaf8d66f5f15725007f635594914870f65218920345aa11aa8c"
 
+[[package]]
+name = "unicode-width"
+version = "0.2.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b4ac048d71ede7ee76d585517add45da530660ef4390e49b098733c6e897f254"
+
 [[package]]
 name = "unicode-xid"
 version = "0.2.6"
@@ -4454,6 +5824,16 @@ version = "0.9.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
 
+[[package]]
+name = "walkdir"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "29790946404f91d9c5d06f9874efddea1dc06c5efe94541a7d6863108e3a5e4b"
+dependencies = [
+ "same-file",
+ "winapi-util",
+]
+
 [[package]]
 name = "want"
 version = "0.3.1"
@@ -4589,6 +5969,141 @@ dependencies = [
  "semver",
 ]
 
+[[package]]
+name = "wayland-backend"
+version = "0.3.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2857dd20b54e916ec7253b3d6b4d5c4d7d4ca2c33c2e11c6c76a99bd8744755d"
+dependencies = [
+ "cc",
+ "downcast-rs",
+ "rustix 1.1.4",
+ "scoped-tls",
+ "smallvec",
+ "wayland-sys",
+]
+
+[[package]]
+name = "wayland-client"
+version = "0.31.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "645c7c96bb74690c3189b5c9cb4ca1627062bb23693a4fad9d8c3de958260144"
+dependencies = [
+ "bitflags 2.11.1",
+ "rustix 1.1.4",
+ "wayland-backend",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-csd-frame"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "625c5029dbd43d25e6aa9615e88b829a5cad13b2819c4ae129fdbb7c31ab4c7e"
+dependencies = [
+ "bitflags 2.11.1",
+ "cursor-icon",
+ "wayland-backend",
+]
+
+[[package]]
+name = "wayland-cursor"
+version = "0.31.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a52d18780be9b1314328a3de5f930b73d2200112e3849ca6cb11822793fb34d"
+dependencies = [
+ "rustix 1.1.4",
+ "wayland-client",
+ "xcursor",
+]
+
+[[package]]
+name = "wayland-protocols"
+version = "0.32.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "563a85523cade2429938e790815fd7319062103b9f4a2dc806e9b53b95982d8f"
+dependencies = [
+ "bitflags 2.11.1",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-protocols-experimental"
+version = "20250721.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "40a1f863128dcaaec790d7b4b396cc9b9a7a079e878e18c47e6c2d2c5a8dcbb1"
+dependencies = [
+ "bitflags 2.11.1",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-protocols",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-protocols-misc"
+version = "0.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e9567599ef23e09b8dad6e429e5738d4509dfc46b3b21f32841a304d16b29c8"
+dependencies = [
+ "bitflags 2.11.1",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-protocols",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-protocols-plasma"
+version = "0.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2b6d8cf1eb2c1c31ed1f5643c88a6e53538129d4af80030c8cabd1f9fa884d91"
+dependencies = [
+ "bitflags 2.11.1",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-protocols",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-protocols-wlr"
+version = "0.3.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eb04e52f7836d7c7976c78ca0250d61e33873c34156a2a1fc9474828ec268234"
+dependencies = [
+ "bitflags 2.11.1",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-protocols",
+ "wayland-scanner",
+]
+
+[[package]]
+name = "wayland-scanner"
+version = "0.31.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c324a910fd86ebdc364a3e61ec1f11737d3b1d6c273c0239ee8ff4bc0d24b4a"
+dependencies = [
+ "proc-macro2",
+ "quick-xml",
+ "quote",
+]
+
+[[package]]
+name = "wayland-sys"
+version = "0.31.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8eab23fefc9e41f8e841df4a9c707e8a8c4ed26e944ef69297184de2785e3be"
+dependencies = [
+ "dlib",
+ "log",
+ "once_cell",
+ "pkg-config",
+]
+
 [[package]]
 name = "web-sys"
 version = "0.3.95"
@@ -4609,6 +6124,22 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "webbrowser"
+version = "1.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fc95580916af1e68ff6a7be07446fc5db73ebf71cf092de939bbf5f7e189f72"
+dependencies = [
+ "core-foundation 0.10.1",
+ "jni",
+ "log",
+ "ndk-context",
+ "objc2 0.6.4",
+ "objc2-foundation 0.3.2",
+ "url",
+ "web-sys",
+]
+
 [[package]]
 name = "webp"
 version = "0.3.1"
@@ -4643,13 +6174,109 @@ version = "0.1.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a28ac98ddc8b9274cb41bb4d9d4d5c425b6020c50c46f25559911905610b4a88"
 
+[[package]]
+name = "wgpu"
+version = "27.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfe68bac7cde125de7a731c3400723cadaaf1703795ad3f4805f187459cd7a77"
+dependencies = [
+ "arrayvec",
+ "bitflags 2.11.1",
+ "cfg-if",
+ "cfg_aliases",
+ "document-features",
+ "hashbrown 0.16.1",
+ "log",
+ "portable-atomic",
+ "profiling",
+ "raw-window-handle",
+ "smallvec",
+ "static_assertions",
+ "wgpu-core",
+ "wgpu-hal",
+ "wgpu-types",
+]
+
+[[package]]
+name = "wgpu-core"
+version = "27.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "27a75de515543b1897b26119f93731b385a19aea165a1ec5f0e3acecc229cae7"
+dependencies = [
+ "arrayvec",
+ "bit-set",
+ "bit-vec",
+ "bitflags 2.11.1",
+ "bytemuck",
+ "cfg_aliases",
+ "document-features",
+ "hashbrown 0.16.1",
+ "indexmap 2.14.0",
+ "log",
+ "naga",
+ "once_cell",
+ "parking_lot",
+ "portable-atomic",
+ "profiling",
+ "raw-window-handle",
+ "rustc-hash 1.1.0",
+ "smallvec",
+ "thiserror 2.0.18",
+ "wgpu-core-deps-windows-linux-android",
+ "wgpu-hal",
+ "wgpu-types",
+]
+
+[[package]]
+name = "wgpu-core-deps-windows-linux-android"
+version = "27.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71197027d61a71748e4120f05a9242b2ad142e3c01f8c1b47707945a879a03c3"
+dependencies = [
+ "wgpu-hal",
+]
+
+[[package]]
+name = "wgpu-hal"
+version = "27.0.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b21cb61c57ee198bc4aff71aeadff4cbb80b927beb912506af9c780d64313ce"
+dependencies = [
+ "bitflags 2.11.1",
+ "cfg-if",
+ "cfg_aliases",
+ "libloading",
+ "log",
+ "naga",
+ "portable-atomic",
+ "portable-atomic-util",
+ "raw-window-handle",
+ "renderdoc-sys",
+ "thiserror 2.0.18",
+ "wgpu-types",
+]
+
+[[package]]
+name = "wgpu-types"
+version = "27.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "afdcf84c395990db737f2dd91628706cb31e86d72e53482320d368e52b5da5eb"
+dependencies = [
+ "bitflags 2.11.1",
+ "bytemuck",
+ "js-sys",
+ "log",
+ "thiserror 2.0.18",
+ "web-sys",
+]
+
 [[package]]
 name = "winapi-util"
 version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -4868,6 +6495,57 @@ version = "0.52.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
+[[package]]
+name = "winit"
+version = "0.30.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6755fa58a9f8350bd1e472d4c3fcc25f824ec358933bba33306d0b63df5978d"
+dependencies = [
+ "ahash",
+ "android-activity",
+ "atomic-waker",
+ "bitflags 2.11.1",
+ "block2",
+ "bytemuck",
+ "calloop 0.13.0",
+ "cfg_aliases",
+ "concurrent-queue",
+ "core-foundation 0.9.4",
+ "core-graphics",
+ "cursor-icon",
+ "dpi",
+ "js-sys",
+ "libc",
+ "memmap2",
+ "ndk",
+ "objc2 0.5.2",
+ "objc2-app-kit 0.2.2",
+ "objc2-foundation 0.2.2",
+ "objc2-ui-kit",
+ "orbclient",
+ "percent-encoding",
+ "pin-project",
+ "raw-window-handle",
+ "redox_syscall 0.4.1",
+ "rustix 0.38.44",
+ "smithay-client-toolkit 0.19.2",
+ "smol_str",
+ "tracing",
+ "unicode-segmentation",
+ "wasm-bindgen",
+ "wasm-bindgen-futures",
+ "wayland-backend",
+ "wayland-client",
+ "wayland-protocols",
+ "wayland-protocols-plasma",
+ "web-sys",
+ "web-time",
+ "windows-sys 0.52.0",
+ "x11-dl",
+ "x11rb",
+ "xkbcommon-dl",
+]
+
 [[package]]
 name = "winnow"
 version = "1.0.1"
@@ -4987,6 +6665,69 @@ version = "0.6.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4"
 
+[[package]]
+name = "x11-dl"
+version = "2.21.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38735924fedd5314a6e548792904ed8c6de6636285cb9fec04d5b1db85c1516f"
+dependencies = [
+ "libc",
+ "once_cell",
+ "pkg-config",
+]
+
+[[package]]
+name = "x11rb"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9993aa5be5a26815fe2c3eacfc1fde061fc1a1f094bf1ad2a18bf9c495dd7414"
+dependencies = [
+ "as-raw-xcb-connection",
+ "gethostname",
+ "libc",
+ "libloading",
+ "once_cell",
+ "rustix 1.1.4",
+ "x11rb-protocol",
+]
+
+[[package]]
+name = "x11rb-protocol"
+version = "0.13.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ea6fc2961e4ef194dcbfe56bb845534d0dc8098940c7e5c012a258bfec6701bd"
+
+[[package]]
+name = "xcursor"
+version = "0.3.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bec9e4a500ca8864c5b47b8b482a73d62e4237670e5b5f1d6b9e3cae50f28f2b"
+
+[[package]]
+name = "xkbcommon-dl"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d039de8032a9a8856a6be89cea3e5d12fdd82306ab7c94d74e6deab2460651c5"
+dependencies = [
+ "bitflags 2.11.1",
+ "dlib",
+ "log",
+ "once_cell",
+ "xkeysym",
+]
+
+[[package]]
+name = "xkeysym"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9cc00251562a284751c9973bace760d86c0276c471b4be569fe6b068ee97a56"
+
+[[package]]
+name = "xml-rs"
+version = "0.8.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ae8337f8a065cfc972643663ea4279e04e7256de865aa66fe25cec5fb912d3f"
+
 [[package]]
 name = "yoke"
 version = "0.8.2"
diff --git a/server-rs/Cargo.toml b/server-rs/Cargo.toml
index cdc461bd..41834fac 100644
--- a/server-rs/Cargo.toml
+++ b/server-rs/Cargo.toml
@@ -40,6 +40,7 @@ members = [
     "crates/platform-wechat",
     "crates/platform-speech",
     "crates/platform-agent",
+    "crates/server-manager-panel",
     "crates/shared-contracts",
     "crates/shared-kernel",
     "crates/shared-logging",
diff --git a/server-rs/crates/server-manager-panel/Cargo.toml b/server-rs/crates/server-manager-panel/Cargo.toml
new file mode 100644
index 00000000..cf41e79f
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/Cargo.toml
@@ -0,0 +1,13 @@
+[package]
+name = "server-manager-panel"
+edition.workspace = true
+version.workspace = true
+license.workspace = true
+
+[dependencies]
+eframe = { version = "0.33", default-features = false, features = [
+    "default_fonts",
+    "glow",
+    "wayland",
+    "x11",
+] }
diff --git a/server-rs/crates/server-manager-panel/src/app.rs b/server-rs/crates/server-manager-panel/src/app.rs
new file mode 100644
index 00000000..29463956
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/app.rs
@@ -0,0 +1,577 @@
+use eframe::egui;
+
+use crate::health::{
+    DiskSnapshot, HealthLevel, MemorySnapshot, ProbeSnapshot, ServerHealthReport, ServiceSnapshot,
+};
+use crate::remote::{
+    RemoteEvent, RemoteReceiver, RemoteSender, ServiceAction, channel, spawn_health_check,
+    spawn_service_action,
+};
+use crate::ssh_config::{SshAlias, discover_ssh_aliases};
+
+const DEFAULT_MANAGED_SERVICES: &[&str] = &[
+    "genarrative-api.service",
+    "spacetimedb.service",
+    "nginx.service",
+    "genarrative-health-patrol.timer",
+    "genarrative-database-backup.timer",
+];
+
+#[derive(Debug)]
+pub struct ServerManagerApp {
+    servers: Vec<ServerState>,
+    selected_alias: Option<String>,
+    sidebar_collapsed: bool,
+    tx: RemoteSender,
+    rx: RemoteReceiver,
+    pending_confirmation: Option<ServiceConfirmation>,
+    custom_service_name: String,
+}
+
+impl Default for ServerManagerApp {
+    fn default() -> Self {
+        let (tx, rx) = channel();
+        let aliases = discover_ssh_aliases();
+        let selected_alias = aliases.first().map(|alias| alias.name.clone());
+        Self {
+            servers: aliases.into_iter().map(ServerState::new).collect(),
+            selected_alias,
+            sidebar_collapsed: false,
+            tx,
+            rx,
+            pending_confirmation: None,
+            custom_service_name: String::new(),
+        }
+    }
+}
+
+impl eframe::App for ServerManagerApp {
+    fn update(&mut self, ctx: &egui::Context, _frame: &mut eframe::Frame) {
+        self.drain_remote_events(ctx);
+        self.render_confirm_dialog(ctx);
+
+        egui::TopBottomPanel::top("top_bar").show(ctx, |ui| {
+            ui.horizontal(|ui| {
+                if ui
+                    .button(if self.sidebar_collapsed {
+                        "展开侧栏"
+                    } else {
+                        "收起侧栏"
+                    })
+                    .clicked()
+                {
+                    self.sidebar_collapsed = !self.sidebar_collapsed;
+                }
+                if ui.button("重新读取 SSH alias").clicked() {
+                    self.reload_aliases();
+                }
+                if let Some(alias) = self.selected_alias.clone() {
+                    if ui.button("刷新当前服务器").clicked() {
+                        self.refresh_server(&alias);
+                    }
+                }
+                ui.separator();
+                ui.label("本地 SSH alias 管理");
+            });
+        });
+
+        if !self.sidebar_collapsed {
+            egui::SidePanel::left("server_sidebar")
+                .resizable(true)
+                .default_width(260.0)
+                .width_range(180.0..=360.0)
+                .show(ctx, |ui| self.render_sidebar(ui));
+        }
+
+        egui::CentralPanel::default().show(ctx, |ui| {
+            if self.servers.is_empty() {
+                self.render_empty_state(ui);
+                return;
+            }
+
+            let Some(alias) = self.selected_alias.clone() else {
+                self.render_empty_state(ui);
+                return;
+            };
+
+            if let Some(index) = self.server_index(&alias) {
+                self.render_server_detail(ui, index);
+            } else {
+                ui.label("请选择服务器");
+            }
+        });
+    }
+}
+
+impl ServerManagerApp {
+    fn drain_remote_events(&mut self, ctx: &egui::Context) {
+        while let Ok(event) = self.rx.try_recv() {
+            match event {
+                RemoteEvent::Health { alias, result } => {
+                    if let Some(server) = self.server_mut(&alias) {
+                        server.loading = false;
+                        match result {
+                            Ok(report) => {
+                                server.error = None;
+                                server.report = Some(report);
+                            }
+                            Err(error) => {
+                                server.error = Some(error);
+                            }
+                        }
+                    }
+                }
+                RemoteEvent::ServiceAction {
+                    alias,
+                    service,
+                    action,
+                    result,
+                } => {
+                    if let Some(server) = self.server_mut(&alias) {
+                        server.action_in_progress = None;
+                        server.action_log = Some(format!(
+                            "{} {}: {}\n{}{}",
+                            action.label(),
+                            service,
+                            result.summary,
+                            result.stdout,
+                            result.stderr
+                        ));
+                        server.loading = true;
+                        spawn_health_check(alias, self.tx.clone());
+                    }
+                }
+            }
+            ctx.request_repaint();
+        }
+    }
+
+    fn render_sidebar(&mut self, ui: &mut egui::Ui) {
+        ui.heading("服务器");
+        ui.add_space(8.0);
+        let mut refresh_alias: Option<String> = None;
+
+        for server in &mut self.servers {
+            let selected = self.selected_alias.as_deref() == Some(server.alias.name.as_str());
+            let response = ui.selectable_label(selected, server_label(server));
+            if response.clicked() {
+                self.selected_alias = Some(server.alias.name.clone());
+            }
+            response.on_hover_text(server.alias.source.display().to_string());
+            ui.horizontal(|ui| {
+                let status = server.status();
+                ui.colored_label(level_color(status), status.label());
+                if server.loading {
+                    ui.spinner();
+                }
+                if ui.small_button("刷新").clicked() {
+                    refresh_alias = Some(server.alias.name.clone());
+                }
+            });
+            ui.add_space(6.0);
+        }
+
+        if let Some(alias) = refresh_alias {
+            self.refresh_server(&alias);
+        }
+    }
+
+    fn render_empty_state(&mut self, ui: &mut egui::Ui) {
+        ui.vertical_centered(|ui| {
+            ui.heading("未发现 SSH alias");
+            ui.label("请在 ~/.ssh/config 中配置 Host alias 后重新读取。");
+            if ui.button("重新读取").clicked() {
+                self.reload_aliases();
+            }
+        });
+    }
+
+    fn render_server_detail(&mut self, ui: &mut egui::Ui, index: usize) {
+        let alias = self.servers[index].alias.name.clone();
+        let status = self.servers[index].status();
+        let loading = self.servers[index].loading;
+        let report = self.servers[index].report.clone();
+        let error = self.servers[index].error.clone();
+        let action_log = self.servers[index].action_log.clone();
+
+        ui.horizontal(|ui| {
+            ui.heading(&alias);
+            ui.colored_label(level_color(status), status.label());
+            if loading {
+                ui.spinner();
+            }
+        });
+        ui.add_space(8.0);
+
+        if let Some(error) = error {
+            ui.colored_label(warning_color(), format!("SSH 巡检失败：{error}"));
+            ui.add_space(8.0);
+        }
+
+        if let Some(report) = report {
+            self.render_report(ui, &alias, &report);
+        } else {
+            ui.label("尚未执行巡检。");
+        }
+
+        ui.add_space(12.0);
+        self.render_service_controls(ui, &alias, index);
+
+        if let Some(log) = action_log {
+            ui.add_space(12.0);
+            egui::CollapsingHeader::new("最近一次服务操作输出")
+                .default_open(true)
+                .show(ui, |ui| {
+                    ui.add(
+                        egui::TextEdit::multiline(&mut log.clone())
+                            .font(egui::TextStyle::Monospace)
+                            .desired_rows(8)
+                            .interactive(false),
+                    );
+                });
+        }
+    }
+
+    fn render_report(&self, ui: &mut egui::Ui, alias: &str, report: &ServerHealthReport) {
+        egui::ScrollArea::vertical().show(ui, |ui| {
+            ui.horizontal_wrapped(|ui| {
+                info_chip(ui, "主机", value_or_dash(&report.host.hostname));
+                info_chip(ui, "内核", value_or_dash(&report.host.kernel));
+                info_chip(ui, "运行时间", value_or_dash(&report.host.uptime));
+                info_chip(ui, "检查时间", value_or_dash(&report.checked_at));
+            });
+
+            ui.add_space(10.0);
+            egui::CollapsingHeader::new("硬件状态")
+                .default_open(true)
+                .show(ui, |ui| {
+                    ui.horizontal_wrapped(|ui| {
+                        info_chip(ui, "CPU", value_or_dash(&report.hardware.cpu_model));
+                        info_chip(ui, "核心", value_or_dash(&report.hardware.cpu_cores));
+                        info_chip(ui, "负载", value_or_dash(&report.hardware.load_average));
+                    });
+                    ui.add_space(6.0);
+                    memory_row(ui, "内存", &report.hardware.memory);
+                    memory_row(ui, "Swap", &report.hardware.swap);
+                    ui.add_space(6.0);
+                    for disk in &report.hardware.disks {
+                        disk_row(ui, disk);
+                    }
+                    ui.add_space(6.0);
+                    for sensor in &report.hardware.sensors {
+                        ui.label(sensor);
+                    }
+                });
+
+            egui::CollapsingHeader::new("服务状态")
+                .default_open(true)
+                .show(ui, |ui| {
+                    egui::Grid::new(format!("{alias}_services"))
+                        .striped(true)
+                        .show(ui, |ui| {
+                            ui.strong("服务");
+                            ui.strong("状态");
+                            ui.strong("子状态");
+                            ui.strong("Unit");
+                            ui.end_row();
+                            for service in &report.services {
+                                service_row(ui, service);
+                            }
+                        });
+                });
+
+            egui::CollapsingHeader::new("HTTP 探测")
+                .default_open(true)
+                .show(ui, |ui| {
+                    egui::Grid::new(format!("{alias}_probes"))
+                        .striped(true)
+                        .show(ui, |ui| {
+                            ui.strong("探测");
+                            ui.strong("状态码");
+                            ui.strong("耗时");
+                            ui.strong("目标");
+                            ui.end_row();
+                            for probe in &report.probes {
+                                probe_row(ui, probe);
+                            }
+                        });
+                });
+
+            if let Some(patrol) = &report.health_patrol {
+                egui::CollapsingHeader::new("生产健康巡检")
+                    .default_open(true)
+                    .show(ui, |ui| {
+                        ui.horizontal(|ui| {
+                            ui.colored_label(level_color(patrol.level), &patrol.status);
+                            ui.label(value_or_dash(&patrol.checked_at));
+                            ui.label(value_or_dash(&patrol.summary));
+                        });
+                    });
+            }
+
+            egui::CollapsingHeader::new("原始巡检输出").show(ui, |ui| {
+                ui.add(
+                    egui::TextEdit::multiline(&mut report.raw_output.clone())
+                        .font(egui::TextStyle::Monospace)
+                        .desired_rows(12)
+                        .interactive(false),
+                );
+            });
+        });
+    }
+
+    fn render_service_controls(&mut self, ui: &mut egui::Ui, alias: &str, index: usize) {
+        ui.heading("服务控制");
+        ui.add_space(4.0);
+
+        let action_in_progress = self.servers[index].action_in_progress.clone();
+        for service in DEFAULT_MANAGED_SERVICES {
+            ui.horizontal(|ui| {
+                ui.label(*service);
+                for action in [
+                    ServiceAction::Start,
+                    ServiceAction::Stop,
+                    ServiceAction::Restart,
+                ] {
+                    let disabled = action_in_progress.is_some();
+                    if ui
+                        .add_enabled(!disabled, egui::Button::new(action.label()))
+                        .clicked()
+                    {
+                        self.pending_confirmation = Some(ServiceConfirmation {
+                            alias: alias.to_owned(),
+                            service: (*service).to_owned(),
+                            action,
+                        });
+                    }
+                }
+            });
+        }
+
+        ui.add_space(8.0);
+        ui.horizontal(|ui| {
+            ui.label("其他 unit");
+            ui.text_edit_singleline(&mut self.custom_service_name);
+            if ui.button("启动").clicked() {
+                self.confirm_custom_service(alias, ServiceAction::Start);
+            }
+            if ui.button("关闭").clicked() {
+                self.confirm_custom_service(alias, ServiceAction::Stop);
+            }
+            if ui.button("重启").clicked() {
+                self.confirm_custom_service(alias, ServiceAction::Restart);
+            }
+        });
+
+        if let Some(action) = action_in_progress {
+            ui.label(format!("正在执行：{action}"));
+        }
+    }
+
+    fn render_confirm_dialog(&mut self, ctx: &egui::Context) {
+        let Some(confirmation) = self.pending_confirmation.clone() else {
+            return;
+        };
+
+        egui::Window::new("确认服务操作")
+            .collapsible(false)
+            .resizable(false)
+            .show(ctx, |ui| {
+                ui.label(format!(
+                    "确认在 {} 上{} {}？",
+                    confirmation.alias,
+                    confirmation.action.label(),
+                    confirmation.service
+                ));
+                ui.add_space(8.0);
+                ui.horizontal(|ui| {
+                    if ui.button("确认").clicked() {
+                        self.execute_service_action(&confirmation);
+                        self.pending_confirmation = None;
+                    }
+                    if ui.button("取消").clicked() {
+                        self.pending_confirmation = None;
+                    }
+                });
+            });
+    }
+
+    fn reload_aliases(&mut self) {
+        let aliases = discover_ssh_aliases();
+        self.servers = aliases.into_iter().map(ServerState::new).collect();
+        self.selected_alias = self.servers.first().map(|server| server.alias.name.clone());
+    }
+
+    fn refresh_server(&mut self, alias: &str) {
+        if let Some(server) = self.server_mut(alias) {
+            server.loading = true;
+            server.error = None;
+        }
+        spawn_health_check(alias.to_owned(), self.tx.clone());
+    }
+
+    fn confirm_custom_service(&mut self, alias: &str, action: ServiceAction) {
+        let service = self.custom_service_name.trim();
+        if service.is_empty() {
+            return;
+        }
+        self.pending_confirmation = Some(ServiceConfirmation {
+            alias: alias.to_owned(),
+            service: service.to_owned(),
+            action,
+        });
+    }
+
+    fn execute_service_action(&mut self, confirmation: &ServiceConfirmation) {
+        if let Some(server) = self.server_mut(&confirmation.alias) {
+            server.action_in_progress = Some(format!(
+                "{} {}",
+                confirmation.action.label(),
+                confirmation.service
+            ));
+            server.action_log = None;
+        }
+        spawn_service_action(
+            confirmation.alias.clone(),
+            confirmation.service.clone(),
+            confirmation.action,
+            self.tx.clone(),
+        );
+    }
+
+    fn server_index(&self, alias: &str) -> Option<usize> {
+        self.servers
+            .iter()
+            .position(|server| server.alias.name == alias)
+    }
+
+    fn server_mut(&mut self, alias: &str) -> Option<&mut ServerState> {
+        self.servers
+            .iter_mut()
+            .find(|server| server.alias.name == alias)
+    }
+}
+
+#[derive(Debug, Clone)]
+struct ServiceConfirmation {
+    alias: String,
+    service: String,
+    action: ServiceAction,
+}
+
+#[derive(Debug)]
+struct ServerState {
+    alias: SshAlias,
+    report: Option<ServerHealthReport>,
+    loading: bool,
+    error: Option<String>,
+    action_in_progress: Option<String>,
+    action_log: Option<String>,
+}
+
+impl ServerState {
+    fn new(alias: SshAlias) -> Self {
+        Self {
+            alias,
+            report: None,
+            loading: false,
+            error: None,
+            action_in_progress: None,
+            action_log: None,
+        }
+    }
+
+    fn status(&self) -> HealthLevel {
+        if self.error.is_some() {
+            HealthLevel::Critical
+        } else {
+            self.report
+                .as_ref()
+                .map(|report| report.status)
+                .unwrap_or(HealthLevel::Unknown)
+        }
+    }
+}
+
+fn server_label(server: &ServerState) -> String {
+    let prefix = match server.status() {
+        HealthLevel::Ok => "[OK]",
+        HealthLevel::Warning => "[!]",
+        HealthLevel::Critical => "[X]",
+        HealthLevel::Unknown => "[?]",
+    };
+    format!("{prefix} {}", server.alias.name)
+}
+
+fn service_row(ui: &mut egui::Ui, service: &ServiceSnapshot) {
+    ui.label(&service.name);
+    ui.colored_label(level_color(service.level), &service.active);
+    ui.label(&service.sub);
+    ui.label(&service.unit_file);
+    ui.end_row();
+}
+
+fn probe_row(ui: &mut egui::Ui, probe: &ProbeSnapshot) {
+    ui.label(&probe.name);
+    ui.colored_label(level_color(probe.level), &probe.http_code);
+    ui.label(
+        probe
+            .elapsed_ms
+            .map(|elapsed| format!("{elapsed}ms"))
+            .unwrap_or_else(|| "-".to_owned()),
+    );
+    ui.label(&probe.target);
+    ui.end_row();
+}
+
+fn memory_row(ui: &mut egui::Ui, label: &str, memory: &MemorySnapshot) {
+    let percent = memory.used_percent.unwrap_or_default();
+    ui.horizontal(|ui| {
+        ui.label(label);
+        ui.add(egui::ProgressBar::new(f32::from(percent) / 100.0).text(format!("{percent}%")));
+        ui.label(format!(
+            "已用 {} / 总计 {}，可用 {}",
+            value_or_dash(&memory.used),
+            value_or_dash(&memory.total),
+            value_or_dash(&memory.available)
+        ));
+    });
+}
+
+fn disk_row(ui: &mut egui::Ui, disk: &DiskSnapshot) {
+    let percent = disk.used_percent.unwrap_or_default();
+    ui.horizontal(|ui| {
+        ui.label(&disk.mount);
+        ui.add(egui::ProgressBar::new(f32::from(percent) / 100.0).text(format!("{percent}%")));
+        ui.label(format!(
+            "{} 已用 {} / {}，可用 {}",
+            disk.filesystem, disk.used, disk.size, disk.available
+        ));
+    });
+}
+
+fn info_chip(ui: &mut egui::Ui, label: &str, value: &str) {
+    ui.group(|ui| {
+        ui.vertical(|ui| {
+            ui.small(label);
+            ui.label(value);
+        });
+    });
+}
+
+fn value_or_dash(value: &str) -> &str {
+    if value.trim().is_empty() { "-" } else { value }
+}
+
+fn level_color(level: HealthLevel) -> egui::Color32 {
+    match level {
+        HealthLevel::Ok => egui::Color32::from_rgb(38, 166, 91),
+        HealthLevel::Warning => egui::Color32::from_rgb(214, 137, 16),
+        HealthLevel::Critical => egui::Color32::from_rgb(205, 66, 70),
+        HealthLevel::Unknown => egui::Color32::from_rgb(120, 126, 136),
+    }
+}
+
+fn warning_color() -> egui::Color32 {
+    egui::Color32::from_rgb(205, 66, 70)
+}
diff --git a/server-rs/crates/server-manager-panel/src/fonts.rs b/server-rs/crates/server-manager-panel/src/fonts.rs
new file mode 100644
index 00000000..298e0e04
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/fonts.rs
@@ -0,0 +1,128 @@
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use std::sync::Arc;
+
+use eframe::egui::{FontData, FontDefinitions, FontFamily};
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct CjkFontCandidate {
+    pub path: PathBuf,
+    pub index: u32,
+}
+
+pub fn install_cjk_font(ctx: &eframe::egui::Context) -> Option<CjkFontCandidate> {
+    let candidate = find_cjk_font_candidate()?;
+    let bytes = std::fs::read(&candidate.path).ok()?;
+    let mut font_data = FontData::from_owned(bytes);
+    font_data.index = candidate.index;
+
+    let mut definitions = FontDefinitions::default();
+    definitions
+        .font_data
+        .insert("genarrative-cjk".to_owned(), Arc::new(font_data));
+
+    // 中文注释：作为 fallback 注入，保留 egui 默认拉丁/图标字体，同时补齐中文 glyph。
+    for family in [FontFamily::Proportional, FontFamily::Monospace] {
+        definitions
+            .families
+            .entry(family)
+            .or_default()
+            .push("genarrative-cjk".to_owned());
+    }
+
+    ctx.set_fonts(definitions);
+    Some(candidate)
+}
+
+pub fn find_cjk_font_candidate() -> Option<CjkFontCandidate> {
+    if let Ok(path) = std::env::var("GENARRATIVE_SERVER_PANEL_CJK_FONT") {
+        if let Some(candidate) = parse_font_spec(&path) {
+            return Some(candidate);
+        }
+    }
+
+    const KNOWN_PATHS: &[(&str, u32)] = &[
+        ("/usr/share/fonts/opentype/noto/NotoSansCJK-Regular.ttc", 2),
+        ("/usr/share/fonts/opentype/noto/NotoSansCJK-Medium.ttc", 2),
+        ("/usr/share/fonts/truetype/wqy/wqy-zenhei.ttc", 0),
+        ("/usr/share/fonts/truetype/wqy/wqy-microhei.ttc", 0),
+        (
+            "/usr/share/fonts/truetype/droid/DroidSansFallbackFull.ttf",
+            0,
+        ),
+        (
+            "/home/dsk/.local/share/fonts/genarrative-cjk/usr/share/fonts/truetype/wqy/wqy-zenhei.ttc",
+            0,
+        ),
+    ];
+
+    for (path, index) in KNOWN_PATHS {
+        if Path::new(path).is_file() {
+            return Some(CjkFontCandidate {
+                path: PathBuf::from(path),
+                index: *index,
+            });
+        }
+    }
+
+    for family in [
+        "Noto Sans CJK SC",
+        "WenQuanYi Zen Hei",
+        "Droid Sans Fallback",
+    ] {
+        if let Some(candidate) = find_with_fc_match(family) {
+            return Some(candidate);
+        }
+    }
+
+    None
+}
+
+fn parse_font_spec(raw: &str) -> Option<CjkFontCandidate> {
+    let trimmed = raw.trim();
+    if trimmed.is_empty() {
+        return None;
+    }
+    let (path, index) = trimmed
+        .rsplit_once('|')
+        .and_then(|(path, index)| Some((path, index.parse().ok()?)))
+        .unwrap_or((trimmed, 0));
+    let path = PathBuf::from(path);
+    path.is_file().then_some(CjkFontCandidate { path, index })
+}
+
+fn find_with_fc_match(family: &str) -> Option<CjkFontCandidate> {
+    let output = Command::new("fc-match")
+        .arg("-f")
+        .arg("%{file}|%{index}\n")
+        .arg(family)
+        .output()
+        .ok()?;
+    if !output.status.success() {
+        return None;
+    }
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    stdout.lines().find_map(parse_font_spec)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parses_font_path_with_index() {
+        let candidate = parse_font_spec("/tmp/missing-font.ttc|2");
+        assert_eq!(candidate, None);
+    }
+
+    #[test]
+    fn finds_existing_system_cjk_font() {
+        let candidate = find_cjk_font_candidate();
+        assert!(
+            candidate
+                .as_ref()
+                .is_some_and(|candidate| candidate.path.is_file()),
+            "expected at least one CJK font on this development host"
+        );
+    }
+}
diff --git a/server-rs/crates/server-manager-panel/src/health.rs b/server-rs/crates/server-manager-panel/src/health.rs
new file mode 100644
index 00000000..beacc619
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/health.rs
@@ -0,0 +1,474 @@
+use std::collections::BTreeMap;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
+pub enum HealthLevel {
+    Unknown,
+    Ok,
+    Warning,
+    Critical,
+}
+
+impl HealthLevel {
+    pub fn label(self) -> &'static str {
+        match self {
+            HealthLevel::Unknown => "未知",
+            HealthLevel::Ok => "正常",
+            HealthLevel::Warning => "警告",
+            HealthLevel::Critical => "异常",
+        }
+    }
+
+    pub fn rank(self) -> u8 {
+        match self {
+            HealthLevel::Unknown => 1,
+            HealthLevel::Ok => 0,
+            HealthLevel::Warning => 2,
+            HealthLevel::Critical => 3,
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct ServerHealthReport {
+    pub status: HealthLevel,
+    pub checked_at: String,
+    pub host: HostSnapshot,
+    pub hardware: HardwareSnapshot,
+    pub services: Vec<ServiceSnapshot>,
+    pub probes: Vec<ProbeSnapshot>,
+    pub health_patrol: Option<HealthPatrolSnapshot>,
+    pub raw_output: String,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct HostSnapshot {
+    pub hostname: String,
+    pub kernel: String,
+    pub uptime: String,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct HardwareSnapshot {
+    pub cpu_model: String,
+    pub cpu_cores: String,
+    pub load_average: String,
+    pub memory: MemorySnapshot,
+    pub swap: MemorySnapshot,
+    pub disks: Vec<DiskSnapshot>,
+    pub sensors: Vec<String>,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct MemorySnapshot {
+    pub total: String,
+    pub used: String,
+    pub free: String,
+    pub available: String,
+    pub used_percent: Option<u8>,
+}
+
+#[derive(Debug, Clone, Default)]
+pub struct DiskSnapshot {
+    pub mount: String,
+    pub filesystem: String,
+    pub size: String,
+    pub used: String,
+    pub available: String,
+    pub used_percent: Option<u8>,
+}
+
+#[derive(Debug, Clone)]
+pub struct ServiceSnapshot {
+    pub name: String,
+    pub active: String,
+    pub sub: String,
+    pub unit_file: String,
+    pub level: HealthLevel,
+}
+
+#[derive(Debug, Clone)]
+pub struct ProbeSnapshot {
+    pub name: String,
+    pub target: String,
+    pub http_code: String,
+    pub elapsed_ms: Option<u64>,
+    pub level: HealthLevel,
+}
+
+#[derive(Debug, Clone)]
+pub struct HealthPatrolSnapshot {
+    pub status: String,
+    pub checked_at: String,
+    pub summary: String,
+    pub level: HealthLevel,
+}
+
+pub fn parse_health_report(raw_output: &str) -> ServerHealthReport {
+    let mut sections: BTreeMap<String, Vec<String>> = BTreeMap::new();
+    let mut current = String::new();
+
+    for line in raw_output.lines() {
+        if let Some(name) = parse_section_marker(line) {
+            current = name.to_owned();
+            sections.entry(current.clone()).or_default();
+        } else if !current.is_empty() {
+            sections
+                .entry(current.clone())
+                .or_default()
+                .push(line.to_owned());
+        }
+    }
+
+    let mut report = ServerHealthReport {
+        status: HealthLevel::Unknown,
+        checked_at: section_value(&sections, "checked_at").unwrap_or_default(),
+        host: parse_host(&sections),
+        hardware: parse_hardware(&sections),
+        services: parse_services(&sections),
+        probes: parse_probes(&sections),
+        health_patrol: parse_health_patrol(&sections),
+        raw_output: raw_output.to_owned(),
+    };
+    report.status = summarize_report(&report);
+    report
+}
+
+pub fn summarize_report(report: &ServerHealthReport) -> HealthLevel {
+    let mut status = HealthLevel::Ok;
+    for level in report
+        .services
+        .iter()
+        .map(|service| service.level)
+        .chain(report.probes.iter().map(|probe| probe.level))
+        .chain(report.health_patrol.iter().map(|patrol| patrol.level))
+    {
+        if level.rank() > status.rank() {
+            status = level;
+        }
+    }
+
+    if let Some(used_percent) = report.hardware.memory.used_percent {
+        let memory_level = if used_percent >= 95 {
+            HealthLevel::Critical
+        } else if used_percent >= 85 {
+            HealthLevel::Warning
+        } else {
+            HealthLevel::Ok
+        };
+        if memory_level.rank() > status.rank() {
+            status = memory_level;
+        }
+    }
+
+    for disk in &report.hardware.disks {
+        let disk_level = match disk.used_percent {
+            Some(percent) if percent >= 95 => HealthLevel::Critical,
+            Some(percent) if percent >= 85 => HealthLevel::Warning,
+            _ => HealthLevel::Ok,
+        };
+        if disk_level.rank() > status.rank() {
+            status = disk_level;
+        }
+    }
+
+    status
+}
+
+fn parse_section_marker(line: &str) -> Option<&str> {
+    line.strip_prefix("==GENARRATIVE_PANEL:")
+        .and_then(|rest| rest.strip_suffix("=="))
+}
+
+fn section_value(sections: &BTreeMap<String, Vec<String>>, name: &str) -> Option<String> {
+    sections.get(name).and_then(|lines| {
+        lines
+            .iter()
+            .map(|line| line.trim())
+            .find(|line| !line.is_empty())
+            .map(str::to_owned)
+    })
+}
+
+fn parse_host(sections: &BTreeMap<String, Vec<String>>) -> HostSnapshot {
+    HostSnapshot {
+        hostname: section_value(sections, "hostname").unwrap_or_default(),
+        kernel: section_value(sections, "kernel").unwrap_or_default(),
+        uptime: section_value(sections, "uptime").unwrap_or_default(),
+    }
+}
+
+fn parse_hardware(sections: &BTreeMap<String, Vec<String>>) -> HardwareSnapshot {
+    HardwareSnapshot {
+        cpu_model: section_value(sections, "cpu_model").unwrap_or_default(),
+        cpu_cores: section_value(sections, "cpu_cores").unwrap_or_default(),
+        load_average: section_value(sections, "load_average").unwrap_or_default(),
+        memory: parse_memory(section_value(sections, "memory").as_deref()),
+        swap: parse_memory(section_value(sections, "swap").as_deref()),
+        disks: parse_disks(sections),
+        sensors: sections.get("sensors").cloned().unwrap_or_default(),
+    }
+}
+
+fn parse_memory(value: Option<&str>) -> MemorySnapshot {
+    let Some(value) = value else {
+        return MemorySnapshot::default();
+    };
+    let parts: Vec<&str> = value.split('|').collect();
+    MemorySnapshot {
+        total: parts.first().copied().unwrap_or_default().to_owned(),
+        used: parts.get(1).copied().unwrap_or_default().to_owned(),
+        free: parts.get(2).copied().unwrap_or_default().to_owned(),
+        available: parts.get(3).copied().unwrap_or_default().to_owned(),
+        used_percent: parts.get(4).and_then(|value| parse_percent(value)),
+    }
+}
+
+fn parse_disks(sections: &BTreeMap<String, Vec<String>>) -> Vec<DiskSnapshot> {
+    sections
+        .get("disks")
+        .into_iter()
+        .flatten()
+        .filter_map(|line| {
+            let parts: Vec<&str> = line.split('|').collect();
+            (parts.len() >= 6).then(|| DiskSnapshot {
+                filesystem: parts[0].to_owned(),
+                size: parts[1].to_owned(),
+                used: parts[2].to_owned(),
+                available: parts[3].to_owned(),
+                used_percent: parse_percent(parts[4]),
+                mount: parts[5].to_owned(),
+            })
+        })
+        .collect()
+}
+
+fn parse_services(sections: &BTreeMap<String, Vec<String>>) -> Vec<ServiceSnapshot> {
+    sections
+        .get("services")
+        .into_iter()
+        .flatten()
+        .filter_map(|line| {
+            let parts: Vec<&str> = line.split('|').collect();
+            (parts.len() >= 4).then(|| {
+                let active = parts[1].to_owned();
+                let sub = parts[2].to_owned();
+                let level = if active == "active" {
+                    HealthLevel::Ok
+                } else if active == "unknown" || active == "inactive" {
+                    HealthLevel::Warning
+                } else {
+                    HealthLevel::Critical
+                };
+                ServiceSnapshot {
+                    name: parts[0].to_owned(),
+                    active,
+                    sub,
+                    unit_file: parts[3].to_owned(),
+                    level,
+                }
+            })
+        })
+        .collect()
+}
+
+fn parse_probes(sections: &BTreeMap<String, Vec<String>>) -> Vec<ProbeSnapshot> {
+    sections
+        .get("probes")
+        .into_iter()
+        .flatten()
+        .filter_map(|line| {
+            let parts: Vec<&str> = line.split('|').collect();
+            (parts.len() >= 4).then(|| {
+                let http_code = parts[2].to_owned();
+                let elapsed_ms = parts[3].parse().ok();
+                let level = if http_code.starts_with('2') {
+                    HealthLevel::Ok
+                } else if http_code == "000" {
+                    HealthLevel::Critical
+                } else {
+                    HealthLevel::Critical
+                };
+                ProbeSnapshot {
+                    name: parts[0].to_owned(),
+                    target: parts[1].to_owned(),
+                    http_code,
+                    elapsed_ms,
+                    level,
+                }
+            })
+        })
+        .collect()
+}
+
+fn parse_health_patrol(sections: &BTreeMap<String, Vec<String>>) -> Option<HealthPatrolSnapshot> {
+    let line = section_value(sections, "health_patrol")?;
+    let parts: Vec<&str> = line.split('|').collect();
+    let status = parts.first().copied().unwrap_or_default().to_owned();
+    let level = match status.as_str() {
+        "OK" => HealthLevel::Ok,
+        "WARNING" => HealthLevel::Warning,
+        "CRITICAL" => HealthLevel::Critical,
+        _ => HealthLevel::Unknown,
+    };
+    Some(HealthPatrolSnapshot {
+        status,
+        checked_at: parts.get(1).copied().unwrap_or_default().to_owned(),
+        summary: parts.get(2).copied().unwrap_or_default().to_owned(),
+        level,
+    })
+}
+
+fn parse_percent(value: &str) -> Option<u8> {
+    value.trim_end_matches('%').parse().ok()
+}
+
+pub const HEALTH_SCRIPT: &str = r#"set -eu
+
+print_section() {
+  printf '==GENARRATIVE_PANEL:%s==\n' "$1"
+}
+
+print_section checked_at
+date -Is 2>/dev/null || date
+
+print_section hostname
+hostname 2>/dev/null || true
+
+print_section kernel
+uname -srmo 2>/dev/null || uname -a 2>/dev/null || true
+
+print_section uptime
+uptime -p 2>/dev/null || uptime 2>/dev/null || true
+
+print_section cpu_model
+awk -F: '/model name/ {gsub(/^[ \t]+/, "", $2); print $2; exit}' /proc/cpuinfo 2>/dev/null || true
+
+print_section cpu_cores
+nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || true
+
+print_section load_average
+cat /proc/loadavg 2>/dev/null | awk '{print $1" "$2" "$3}' || true
+
+print_section memory
+awk '
+  /^MemTotal:/ {total=$2}
+  /^MemFree:/ {free=$2}
+  /^MemAvailable:/ {available=$2}
+  END {
+    if (total > 0) {
+      used = total - free
+      percent = int((used * 100 + total / 2) / total)
+      printf "%.1f GiB|%.1f GiB|%.1f GiB|%.1f GiB|%d%%\n", total/1048576, used/1048576, free/1048576, available/1048576, percent
+    }
+  }
+' /proc/meminfo 2>/dev/null || true
+
+print_section swap
+awk '
+  /^SwapTotal:/ {total=$2}
+  /^SwapFree:/ {free=$2}
+  END {
+    if (total > 0) {
+      used = total - free
+      percent = int((used * 100 + total / 2) / total)
+      printf "%.1f GiB|%.1f GiB|%.1f GiB|%.1f GiB|%d%%\n", total/1048576, used/1048576, free/1048576, free/1048576, percent
+    } else {
+      print "0 GiB|0 GiB|0 GiB|0 GiB|0%"
+    }
+  }
+' /proc/meminfo 2>/dev/null || true
+
+print_section disks
+for mount in / /var /opt /stdb /data; do
+  if [ -e "$mount" ]; then
+    df -hP "$mount" 2>/dev/null | awk 'NR == 2 {print $1"|"$2"|"$3"|"$4"|"$5"|"$6}'
+  fi
+done | awk '!seen[$6]++'
+
+print_section sensors
+if command -v sensors >/dev/null 2>&1; then
+  sensors 2>/dev/null | sed -n '1,20p'
+else
+  echo "sensors 未安装"
+fi
+
+print_section services
+for service in genarrative-api.service spacetimedb.service nginx.service genarrative-health-patrol.timer genarrative-database-backup.timer; do
+  active=$(systemctl is-active "$service" 2>/dev/null || true)
+  sub=$(systemctl show "$service" -p SubState --value 2>/dev/null || true)
+  unit_file=$(systemctl show "$service" -p UnitFileState --value 2>/dev/null || true)
+  [ -n "$active" ] || active="unknown"
+  [ -n "$sub" ] || sub="unknown"
+  [ -n "$unit_file" ] || unit_file="unknown"
+  printf '%s|%s|%s|%s\n' "$service" "$active" "$sub" "$unit_file"
+done
+
+print_section probes
+probe() {
+  name="$1"
+  url="$2"
+  tmp=$(mktemp)
+  code=$(curl -fsS -m 5 -o /dev/null -w '%{http_code}|%{time_total}' "$url" 2>"$tmp" || true)
+  if [ -z "$code" ]; then
+    code="000|0"
+  fi
+  http_code=${code%%|*}
+  time_total=${code#*|}
+  elapsed_ms=$(awk "BEGIN {printf \"%d\", $time_total * 1000}")
+  printf '%s|%s|%s|%s\n' "$name" "$url" "$http_code" "$elapsed_ms"
+  rm -f "$tmp"
+}
+probe "api:/healthz" "http://127.0.0.1:8082/healthz"
+probe "api:/readyz" "http://127.0.0.1:8082/readyz"
+probe "spacetimedb:/v1/ping" "http://127.0.0.1:3101/v1/ping"
+probe "public:/api/creation-entry/config" "http://127.0.0.1:8082/api/creation-entry/config"
+probe "public:/api/runtime/puzzle/gallery" "http://127.0.0.1:8082/api/runtime/puzzle/gallery"
+
+print_section health_patrol
+if [ -r /var/lib/genarrative/health-patrol/status.json ]; then
+  node -e '
+    const fs = require("fs");
+    const payload = JSON.parse(fs.readFileSync("/var/lib/genarrative/health-patrol/status.json", "utf8"));
+    const status = payload.status || "UNKNOWN";
+    const checkedAt = payload.checkedAt || "";
+    const checks = Array.isArray(payload.checks) ? payload.checks : [];
+    const summary = checks.filter((check) => check.status && check.status !== "OK").slice(0, 3).map((check) => `${check.name}:${check.status}`).join(",");
+    console.log(`${status}|${checkedAt}|${summary}`);
+  ' 2>/dev/null || echo "UNKNOWN||状态文件解析失败"
+else
+  echo "UNKNOWN||未找到 /var/lib/genarrative/health-patrol/status.json"
+fi
+"#;
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parses_report_sections() {
+        let report = parse_health_report(
+            r#"==GENARRATIVE_PANEL:checked_at==
+2026-06-11T12:00:00+08:00
+==GENARRATIVE_PANEL:hostname==
+release
+==GENARRATIVE_PANEL:memory==
+2.0 GiB|1.0 GiB|1.0 GiB|1.0 GiB|50%
+==GENARRATIVE_PANEL:disks==
+/dev/sda1|40G|20G|20G|50%|/
+==GENARRATIVE_PANEL:services==
+genarrative-api.service|active|running|enabled
+spacetimedb.service|failed|failed|enabled
+==GENARRATIVE_PANEL:probes==
+api:/readyz|http://127.0.0.1:8082/readyz|200|18
+==GENARRATIVE_PANEL:health_patrol==
+WARNING|2026-06-11T11:59:00Z|journal:WARNING
+"#,
+        );
+
+        assert_eq!(report.host.hostname, "release");
+        assert_eq!(report.hardware.memory.used_percent, Some(50));
+        assert_eq!(report.services.len(), 2);
+        assert_eq!(report.probes[0].http_code, "200");
+        assert_eq!(report.status, HealthLevel::Critical);
+    }
+}
diff --git a/server-rs/crates/server-manager-panel/src/lib.rs b/server-rs/crates/server-manager-panel/src/lib.rs
new file mode 100644
index 00000000..4b8838f4
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/lib.rs
@@ -0,0 +1,5 @@
+pub mod app;
+pub mod fonts;
+pub mod health;
+pub mod remote;
+pub mod ssh_config;
diff --git a/server-rs/crates/server-manager-panel/src/main.rs b/server-rs/crates/server-manager-panel/src/main.rs
new file mode 100644
index 00000000..888f683b
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/main.rs
@@ -0,0 +1,21 @@
+use eframe::egui;
+use server_manager_panel::app::ServerManagerApp;
+use server_manager_panel::fonts::install_cjk_font;
+
+fn main() -> eframe::Result<()> {
+    let native_options = eframe::NativeOptions {
+        viewport: egui::ViewportBuilder::default()
+            .with_inner_size([1180.0, 760.0])
+            .with_min_inner_size([920.0, 620.0]),
+        ..Default::default()
+    };
+
+    eframe::run_native(
+        "Genarrative 服务器管理面板",
+        native_options,
+        Box::new(|cc| {
+            install_cjk_font(&cc.egui_ctx);
+            Ok(Box::new(ServerManagerApp::default()))
+        }),
+    )
+}
diff --git a/server-rs/crates/server-manager-panel/src/remote.rs b/server-rs/crates/server-manager-panel/src/remote.rs
new file mode 100644
index 00000000..61b9d5b7
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/remote.rs
@@ -0,0 +1,231 @@
+use std::io::Write;
+use std::process::{Command, Stdio};
+use std::sync::mpsc;
+use std::thread;
+use std::time::{Duration, Instant};
+
+use crate::health::{HEALTH_SCRIPT, ServerHealthReport, parse_health_report};
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum ServiceAction {
+    Start,
+    Stop,
+    Restart,
+}
+
+impl ServiceAction {
+    pub fn as_systemctl_arg(self) -> &'static str {
+        match self {
+            ServiceAction::Start => "start",
+            ServiceAction::Stop => "stop",
+            ServiceAction::Restart => "restart",
+        }
+    }
+
+    pub fn label(self) -> &'static str {
+        match self {
+            ServiceAction::Start => "启动",
+            ServiceAction::Stop => "关闭",
+            ServiceAction::Restart => "重启",
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+pub struct RemoteCommandResult {
+    pub success: bool,
+    pub summary: String,
+    pub stdout: String,
+    pub stderr: String,
+}
+
+#[derive(Debug)]
+pub enum RemoteEvent {
+    Health {
+        alias: String,
+        result: Result<ServerHealthReport, String>,
+    },
+    ServiceAction {
+        alias: String,
+        service: String,
+        action: ServiceAction,
+        result: RemoteCommandResult,
+    },
+}
+
+pub type RemoteSender = mpsc::Sender<RemoteEvent>;
+pub type RemoteReceiver = mpsc::Receiver<RemoteEvent>;
+
+pub fn channel() -> (RemoteSender, RemoteReceiver) {
+    mpsc::channel()
+}
+
+pub fn spawn_health_check(alias: String, tx: RemoteSender) {
+    thread::spawn(move || {
+        let result =
+            run_ssh_script(&alias, HEALTH_SCRIPT, Duration::from_secs(20)).and_then(|output| {
+                if output.success {
+                    Ok(parse_health_report(&output.stdout))
+                } else {
+                    Err(format_remote_error(&output))
+                }
+            });
+        let _ = tx.send(RemoteEvent::Health { alias, result });
+    });
+}
+
+pub fn spawn_service_action(
+    alias: String,
+    service: String,
+    action: ServiceAction,
+    tx: RemoteSender,
+) {
+    thread::spawn(move || {
+        let result = if is_safe_service_name(&service) {
+            run_ssh_script(
+                &alias,
+                &build_service_action_script(&service, action),
+                Duration::from_secs(20),
+            )
+            .unwrap_or_else(|error| RemoteCommandResult {
+                success: false,
+                summary: error,
+                stdout: String::new(),
+                stderr: String::new(),
+            })
+        } else {
+            RemoteCommandResult {
+                success: false,
+                summary: "服务名包含不允许的字符".to_owned(),
+                stdout: String::new(),
+                stderr: String::new(),
+            }
+        };
+        let _ = tx.send(RemoteEvent::ServiceAction {
+            alias,
+            service,
+            action,
+            result,
+        });
+    });
+}
+
+pub fn is_safe_service_name(service: &str) -> bool {
+    !service.is_empty()
+        && service.len() <= 128
+        && service.bytes().all(|byte| {
+            matches!(
+                byte,
+                b'a'..=b'z'
+                    | b'A'..=b'Z'
+                    | b'0'..=b'9'
+                    | b'.'
+                    | b'_'
+                    | b'-'
+                    | b'@'
+                    | b':'
+            )
+        })
+}
+
+fn build_service_action_script(service: &str, action: ServiceAction) -> String {
+    format!(
+        r#"set -eu
+service='{service}'
+action='{action}'
+if [ "$(id -u)" = "0" ]; then
+  systemctl "$action" "$service"
+else
+  sudo -n systemctl "$action" "$service"
+fi
+systemctl is-active "$service" || true
+systemctl status "$service" --no-pager -l -n 12 || true
+"#,
+        service = service,
+        action = action.as_systemctl_arg()
+    )
+}
+
+fn run_ssh_script(
+    alias: &str,
+    script: &str,
+    timeout: Duration,
+) -> Result<RemoteCommandResult, String> {
+    let started = Instant::now();
+    let mut child = Command::new("ssh")
+        .arg("-o")
+        .arg("BatchMode=yes")
+        .arg("-o")
+        .arg("ConnectTimeout=8")
+        .arg(alias)
+        .arg("sh")
+        .arg("-s")
+        .stdin(Stdio::piped())
+        .stdout(Stdio::piped())
+        .stderr(Stdio::piped())
+        .spawn()
+        .map_err(|error| format!("无法启动 ssh: {error}"))?;
+
+    {
+        // 中文注释：写完脚本后必须关闭 stdin，让远端 `sh -s` 收到 EOF 并开始退出。
+        let Some(mut stdin) = child.stdin.take() else {
+            return Err("无法写入 ssh stdin".to_owned());
+        };
+        stdin
+            .write_all(script.as_bytes())
+            .map_err(|error| format!("写入远端脚本失败: {error}"))?;
+    }
+
+    loop {
+        match child.try_wait() {
+            Ok(Some(_status)) => {
+                let output = child
+                    .wait_with_output()
+                    .map_err(|error| format!("读取 ssh 输出失败: {error}"))?;
+                let success = output.status.success();
+                return Ok(RemoteCommandResult {
+                    success,
+                    summary: if success {
+                        "执行成功".to_owned()
+                    } else {
+                        format!("ssh 退出码 {:?}", output.status.code())
+                    },
+                    stdout: String::from_utf8_lossy(&output.stdout).into_owned(),
+                    stderr: String::from_utf8_lossy(&output.stderr).into_owned(),
+                });
+            }
+            Ok(None) if started.elapsed() >= timeout => {
+                let _ = child.kill();
+                let _ = child.wait();
+                return Err(format!("ssh 执行超过 {} 秒", timeout.as_secs()));
+            }
+            Ok(None) => thread::sleep(Duration::from_millis(80)),
+            Err(error) => return Err(format!("等待 ssh 进程失败: {error}")),
+        }
+    }
+}
+
+fn format_remote_error(result: &RemoteCommandResult) -> String {
+    let stderr = result.stderr.trim();
+    let stdout = result.stdout.trim();
+    if !stderr.is_empty() {
+        format!("{}: {}", result.summary, stderr)
+    } else if !stdout.is_empty() {
+        format!("{}: {}", result.summary, stdout)
+    } else {
+        result.summary.clone()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn allows_systemd_unit_names_only() {
+        assert!(is_safe_service_name("genarrative-api.service"));
+        assert!(is_safe_service_name("worker@1.service"));
+        assert!(!is_safe_service_name("api.service;rm -rf /"));
+        assert!(!is_safe_service_name(""));
+    }
+}
diff --git a/server-rs/crates/server-manager-panel/src/ssh_config.rs b/server-rs/crates/server-manager-panel/src/ssh_config.rs
new file mode 100644
index 00000000..163b1013
--- /dev/null
+++ b/server-rs/crates/server-manager-panel/src/ssh_config.rs
@@ -0,0 +1,143 @@
+use std::collections::HashSet;
+use std::fs;
+use std::path::{Path, PathBuf};
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub struct SshAlias {
+    pub name: String,
+    pub source: PathBuf,
+}
+
+pub fn discover_ssh_aliases() -> Vec<SshAlias> {
+    let Some(home) = std::env::var_os("HOME") else {
+        return Vec::new();
+    };
+    let config_path = PathBuf::from(home).join(".ssh/config");
+    discover_from_file(&config_path)
+}
+
+pub fn discover_from_file(path: &Path) -> Vec<SshAlias> {
+    let mut visited = HashSet::new();
+    let mut aliases = Vec::new();
+    discover_inner(path, &mut visited, &mut aliases);
+    dedupe_aliases(aliases)
+}
+
+fn discover_inner(path: &Path, visited: &mut HashSet<PathBuf>, aliases: &mut Vec<SshAlias>) {
+    let Ok(canonical) = path.canonicalize() else {
+        return;
+    };
+    if !visited.insert(canonical.clone()) {
+        return;
+    }
+    let Ok(content) = fs::read_to_string(&canonical) else {
+        return;
+    };
+
+    for line in content.lines() {
+        let trimmed = trim_comment(line);
+        let mut parts = trimmed.split_whitespace();
+        let Some(keyword) = parts.next() else {
+            continue;
+        };
+        if keyword.eq_ignore_ascii_case("host") {
+            aliases.extend(parts.filter_map(|name| {
+                is_concrete_alias(name).then(|| SshAlias {
+                    name: name.to_owned(),
+                    source: canonical.clone(),
+                })
+            }));
+        } else if keyword.eq_ignore_ascii_case("include") {
+            for include in parts {
+                for include_path in expand_include_path(include, canonical.parent()) {
+                    discover_inner(&include_path, visited, aliases);
+                }
+            }
+        }
+    }
+}
+
+fn dedupe_aliases(aliases: Vec<SshAlias>) -> Vec<SshAlias> {
+    let mut seen = HashSet::new();
+    let mut deduped = Vec::new();
+    for alias in aliases {
+        if seen.insert(alias.name.clone()) {
+            deduped.push(alias);
+        }
+    }
+    deduped
+}
+
+fn trim_comment(line: &str) -> &str {
+    line.split('#').next().unwrap_or("").trim()
+}
+
+fn is_concrete_alias(value: &str) -> bool {
+    !value.is_empty()
+        && !value.starts_with('-')
+        && !value.starts_with('!')
+        && !value.contains('*')
+        && !value.contains('?')
+        && !value.contains('%')
+        && !value.contains('/')
+}
+
+fn expand_include_path(raw: &str, parent: Option<&Path>) -> Vec<PathBuf> {
+    if raw.contains('*') || raw.contains('?') {
+        // 中文注释：SSH Include 支持复杂 glob；面板只解析普通文件，避免误扫过大目录。
+        return Vec::new();
+    }
+    let expanded = if let Some(rest) = raw.strip_prefix("~/") {
+        std::env::var_os("HOME")
+            .map(PathBuf::from)
+            .map(|home| home.join(rest))
+    } else {
+        let path = PathBuf::from(raw);
+        if path.is_absolute() {
+            Some(path)
+        } else {
+            parent.map(|base| base.join(path))
+        }
+    };
+    expanded.into_iter().collect()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn host_parser_ignores_wildcards_and_negations() {
+        let mut aliases = Vec::new();
+        let source = PathBuf::from("/tmp/config");
+        for line in [
+            "Host dev release *.internal !blocked",
+            "Host github.com",
+            "Host ?pattern",
+            "Host -bad",
+        ] {
+            let trimmed = trim_comment(line);
+            let mut parts = trimmed.split_whitespace();
+            let keyword = parts.next().unwrap();
+            if keyword.eq_ignore_ascii_case("host") {
+                aliases.extend(parts.filter_map(|name| {
+                    is_concrete_alias(name).then(|| SshAlias {
+                        name: name.to_owned(),
+                        source: source.clone(),
+                    })
+                }));
+            }
+        }
+
+        let names: Vec<_> = dedupe_aliases(aliases)
+            .into_iter()
+            .map(|alias| alias.name)
+            .collect();
+        assert_eq!(names, ["dev", "release", "github.com"]);
+    }
+
+    #[test]
+    fn comment_trimming_keeps_plain_aliases() {
+        assert_eq!(trim_comment("  Host dev # release host "), "Host dev");
+    }
+}